Developer Warns All DeFi Unsafe Amid AI Threats

Manuel Aráoz, co-founder of smart contract auditor OpenZeppelin, has declared the entire decentralized finance (DeFi) sector unsafe and advised friends and family to exit all positions, citing advances in artificial intelligence that allow coding agents to find vulnerabilities with "superhuman" capability [1]. This stark assessment follows a period of significant losses, with over $1.1 billion drained from DeFi in the past year and April recording the highest volume of crypto hacks on record [2].

Key takeaways

• Manuel Aráoz warned that AI coding agents make DeFi unsafe and advised exiting positions in major protocols like Aave and Compound [1].
• The sector lost more than $1.1 billion to exploits over the past year, with April alone seeing $635 million stolen across 28 separate hacks [2].
• Industry figures like Uniswap founder Hayden Adams argue that AI tools can also be used defensively to strengthen protocols, countering the narrative that AI is solely a threat [1].
• Security experts note that many hacks stem from operational failures, such as private key theft and social engineering, rather than flaws in the smart contract code itself [2].

AI Shifts the Security Landscape

Aráoz pointed to the release of Anthropic’s Mythos model, which reportedly uncovered critical bugs in software that had run in production for decades, as evidence that the security landscape has fundamentally changed [1]. He explained that smart contract security is asymmetric because defenders must fix every bug while attackers need only one exploit to succeed [1]. Venture capital firm a16z noted that AI agents can now identify critical weaknesses that previously required deep technical expertise, effectively lowering the barrier to entry for attackers [2]. Due to these implications, exchanges such as Coinbase have reportedly reached out to Anthropic to gain access to the restricted Mythos system [1].

Industry Divided on Risks and Responses

Not all industry leaders agree with the assessment that the space is inherently unsafe. Aave founder Stani Kulechov and Uniswap founder Hayden Adams countered that the same AI capabilities used by attackers are increasingly being utilized by security researchers and auditors to bolster defenses [1]. Marc Zeller of the Aave Chan Initiative criticized the warning as "moronic," noting that less than 10% of DeFi issues in the past year stemmed from the actual codebase [1]. OpenZeppelin, the firm Aráoz co-founded, clarified that his views do not reflect the company's official position, as he left in 2019 [1]. While Aráoz focused on code vulnerabilities, recent incidents like the compromise of stablecoin issuer StablR illustrate that social engineering and centralized key management remain significant weak points [1].