
OpenZeppelin co-founder Manuel Aráoz says AI-powered attackers make DeFi security unwinnable. April saw $600M in exploits. Aave, MakerDAO, Compound exposed.
Compass, Inc. currently carries an Alpha Score of n/a, giving AlphaScala's model a neutral read on the setup.
Manuel Aráoz, co-founder of OpenZeppelin, stated on May 26 that he now considers the entire DeFi sector unsafe. He went further, saying he has personally urged friends and family to withdraw their positions from major lending protocols including Aave, MakerDAO, and Compound.
This is not a competitor trying to poach liquidity or a regulator with an enforcement agenda. Aráoz runs the firm that profits from DeFi's continued existence. When someone with that incentive calls the system unsafe, the signal carries weight.
Aráoz's argument rests on a structural asymmetry that security professionals have understood for decades. Defenders must find every vulnerability. Attackers need only one. A smart contract audit might catch 99 out of 100 flaws. The one it misses is all it takes to drain a protocol.
The math was already unfavorable before AI coding agents entered the picture. Those tools can scan massive codebases, identify weaknesses, and generate exploit code at a speed and scale no human audit team can match. Both sides now have access to the same AI capabilities. The economics still favor offense.
OpenZeppelin itself launched AI-powered security tools in May 2026, designed to strengthen its auditing pipeline. The founder of the same company is now saying those tools are not enough to make DeFi safe.
April 2026 saw over $600 million lost to DeFi exploits, according to publicly reported figures. That single-month total exceeds the annual losses of some traditional financial sectors. The magnitude forces a question the industry has been dancing around: can current auditing methodologies, even enhanced with AI, ever provide meaningful security guarantees for systems that hold billions in user funds?
The trend line is not improving despite years of investment in better tools and practices. If anything, the pace of losses has accelerated as protocols grow more complex and interconnected.
Aráoz named three of the largest lending protocols in DeFi. Each holds significant total value locked (TVL) and serves as a liquidity backbone for hundreds of smaller protocols.
All three use OpenZeppelin's contract libraries in their codebases. That is the irony Aráoz is pointing at: the very libraries his company wrote and audited may contain vulnerabilities that AI-augmented attackers can now find faster than human reviewers.
Traditional software companies ship patches and security updates continuously. A vulnerability in a web application can be fixed in hours. A fundamental design flaw in a smart contract governing a $10 billion lending pool is a potential extinction event.
Immutable contracts cannot always be upgraded without introducing new governance risks. Upgrades require votes, and votes can be contentious. The time between discovering a bug and deploying a fix can be days or weeks, during which the protocol remains exposed.
This structural constraint means even best-in-class security reviews provide only a snapshot of risk at one point in time. After deployment, the attack surface evolves as new tools become available to adversaries.
Aráoz's warning does not mean DeFi is guaranteed to suffer a catastrophic failure tomorrow. It does mean the baseline risk assumption for anyone with capital deployed in lending protocols has increased.
Factors that would reduce the risk:
Factors that would make the risk worse:
As of May 27, token prices for Aave (AAVE), Compound (COMP), and Maker (MKR) have not shown an immediate reaction directly attributable to Aráoz's statement. Markets are pricing the current information at face value. The real test comes when the next exploit occurs and the market has to decide whether this story has already been discounted.
For traders and capital allocators, the practical takeaway is straightforward: the person with the most credibility in smart contract security just downgraded the entire asset class. That changes the baseline for watchlist decisions, even if prices have not moved yet. The next category-defining event will determine whether this warning was prescient or ignored.
Read more: crypto market analysis
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.