
Top Audit Guru Warns: All DeFi Is Insecure, Get Out Now!

Azuma
Odaily Senior Writer
@azuma_eth
2026-05-28 03:56
The biggest problem now is that the risk-reward ratio has long since broken down.
  • Core view: OpenZeppelin founder Manuel Aráoz argues that, as AI's ability to identify and exploit smart contract vulnerabilities grows exponentially, the DeFi ecosystem has become extremely insecure and its risk-reward ratio is badly out of balance, so he advises users to withdraw their funds.
  • Key points:
    1. The OpenZeppelin founder warns that all DeFi is now insecure and is advising friends and family to withdraw from blue-chip protocols such as Aave and MakerDAO.
    2. AI Coding Agents can scan open-source code in seconds, uncover zero-day vulnerabilities and generate attack scripts automatically, sharply worsening the attack-defense asymmetry.
    3. April 2025 was the worst month for security in DeFi history, with Drift Protocol and Kelp DAO losing $280 million and $292 million respectively.
    4. Incidents kept spreading in May, with THORChain, Verus, Echo Protocol, SquidRouter and other protocols attacked in succession.
    5. Mythos, a ten-trillion-parameter AI model trained by Anthropic, can identify thousands of zero-day vulnerabilities and has had its public release restricted because the risk is too high.
    6. Real yields on mainstream DeFi protocols have fallen to single digits, yet principal can be wiped out in an instant by an AI-driven attack, leaving the risk-reward ratio badly out of balance.

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

"I believe all DeFi is now insecure."

This assertion, left by OpenZeppelin founder Manuel Aráoz on X yesterday, landed like a depth charge, once again shaking the already stagnant DeFi market.

Manuel even stated that he has begun advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols once considered low-risk, such as Aave, MakerDAO, and Compound.

This is not alarmist talk from an outsider. On the contrary, Manuel himself is one of the core builders of the DeFi security system, and OpenZeppelin is one of the industry's most mainstream security audit firms, whose contract libraries, security standards, and audit frameworks have permeated almost the entire DeFi world.

The reason for Manuel's complete shift in attitude is AI. Manuel pessimistically believes that AI Coding Agents' ability to identify and exploit smart contract vulnerabilities is increasing exponentially.

This means that problems that once took top white-hat teams weeks to discover can now be scanned by AI in minutes; attack paths that hackers previously had to study protocol logic for months to find can now be autonomously analyzed by AI; and DeFi's "transparency," once an advantage, has now become the best training corpus for attackers.

Manuel also mentioned a more fatal problem: smart contract security is essentially a highly asymmetric game – the defender must fix all vulnerabilities, while the attacker only needs to find one to steal funds. As AI begins to exponentially enhance attack efficiency, this asymmetry is rapidly becoming unbalanced.

The Cold Reality: DeFi Has Become an ATM for Hackers

Looking back at DeFi security incidents in the past few months, Manuel's concerns are not an exaggeration.

April was arguably the worst month in DeFi history.

Entering May, the incidents did not slow down; they spread further.

  • On May 15th, THORChain was attacked. A newly joined node operator exploited a vulnerability in the GG20 Threshold Signature Scheme (TSS) to reconstruct the vault's private key and execute outbound transactions, causing losses of over $10 million.
  • On May 18th, Verus's bridging protocol was attacked. The attacker forged cross-chain import payloads, bypassing verification to withdraw assets from Ethereum reserves, stealing approximately $11.58 million.
  • On May 19th, Echo Protocol on Monad was attacked due to a private key leak. The attacker minted 1,000 eBTC (worth $76.7 million) and extracted funds via Curvance using a previously tested attack path.
  • On May 24th, StablR, a compliant stablecoin issuer under the MiCA regulatory framework, was attacked. The hacker profited over $2.8 million by minting additional EURR and USDR, causing EURR and USDR to de-peg.
  • On May 25th, the SquidRouter module was attacked, resulting in the theft of approximately $3 million in assets from 86 Gnosis Safe wallets.
  • On May 27th, the deployer's private key for StakeDAO was leaked on Arbitrum. The attacker minted approximately 5.45 trillion vsdCRV and partially exchanged it for 43.7 ETH before fleeing.

The high frequency of security incidents has sounded the alarm. From on-chain code to off-chain management, DeFi seems to be losing ground across the board.

AI Has Become a Nuclear Weapon for Hackers

Why has the DeFi offensive-defensive dynamic suddenly accelerated towards collapse this summer? In addition to the evolution of traditional hacking techniques, the rapid advancement of AI large language models is becoming the ultimate weight tipping the balance.

In the past, finding a complex smart contract vulnerability (especially those involving cross-chain, multi-layer nesting, or extremely subtle reentrancy logic) required top hackers weeks or even months of code analysis. However, with the maturation of AI agents possessing ultra-long contexts, strong logical reasoning, and autonomous tool-calling capabilities, this has undergone a qualitative change.

  • Scanning in Seconds and Cross-Network "Zero-Day" Discovery: Attackers only need to feed open-source codebases to a new-generation AI reasoning model. Within seconds the AI can, like a senior security expert, simulate hundreds of extreme interaction scenarios and precisely pinpoint boundary conditions that a fatigued human auditor might miss.
  • Automated Attack Script Generation: AI can not only discover vulnerabilities but also automatically write, test, and deploy "hacker smart contracts" designed to extract funds.
  • Perfect Orchestration of Off-Chain DevOps and Social Engineering: AI can impersonate a perfect developer for phishing or monitor a DeFi team's GitHub commit history around the clock. Once a team uploads code containing sensitive information or unverified fixes, the AI can launch an attack in seconds – far faster than a human security officer's response time.

In this AI-powered security warfare, hackers gain nearly unlimited ammunition and attack speeds measured in seconds. DeFi, meanwhile, constrained by slow governance votes, multi-sig confirmations, and lagging security audits, struggles to mount a corresponding defense.

Last month, Anthropic, the AI development company behind Claude, officially announced its new-generation model, Mythos (see: Anthropic Created the Most Powerful AI Model in History, but Dares Not Release It...). This is the first model in human history with total parameters exceeding 100 trillion (in contrast, current mainstream models range from hundreds of billions to one trillion parameters), with a staggering training cost of $10 billion.

However, because of Mythos's specialized cybersecurity capabilities (Anthropic disclosed that the company identified thousands of zero-day vulnerabilities using Mythos within just a few weeks), Anthropic does not even dare to release the model publicly, for fear of malicious exploitation by hacker groups. Instead, it plans to first let top-tier companies trial and review it through a "Glass Wing" program so that potential vulnerabilities can be patched preemptively.

The current security situation in DeFi is already severe enough; it's hard to imagine what new threats the industry's security defenses will face after Mythos is publicly released.

The Biggest Problem: The Risk-Reward Ratio is Already Broken

For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important issue now is to sit down and do the math.

For a long time, users chose to deposit funds into DeFi seeking annual percentage yields several times higher than traditional finance. During bull markets or the frenzy of yield farming, returns of 10%, 20%, or even higher were enough to cover people's psychological expectations regarding "potential technical risks."

But today, this underlying logic has long been shaken, even overturned. DeFi's risk-reward ratio is already out of whack. On the return side, as the market enters a phase of competing for existing liquidity and protocols build thicker safety buffers, the real yields of most mainstream, relatively reliable DeFi protocols have fallen back to single digits. On the risk side, users' principal sits in a black box that could be breached by AI or emptied in an instant by a flash loan at any time. Once a protocol is hacked, tokens going to zero and liquidity pools being drained often happen within minutes, with no legal recourse, insurance, or central bank to cover the losses.

Risking a 100% loss of principal to chase roughly 5% annualized returns is clearly not a good deal.

Manuel's words may be absolute, but they tear off DeFi's final fig leaf. In the face of the reality where hackers have adopted AI as a standard weapon and security incidents in the industry keep erupting, if you are not psychologically prepared to lose 100% of your principal for a certain yield, then "withdrawing funds quickly and securing profits is perhaps the most rational, risk-management-compliant choice in the current market cycle."

Security
Smart Contracts
DeFi
AI