9
OpenZeppelin CEO Manuel Araoz said he now considers "all" of decentralized finance (DeFi) unsafe because coding agents have become "superhuman" at finding vulnerabilities in a post on X Wednesday.
The warning from one of crypto's top security executives comes as DeFi's total value locked has dropped by over $20 billion since the start of the year, according to DeFiLlama data. While some of that reflects broader crypto price weakness, the sector has also been battered by a steady stream of exploits that continue to test confidence in onchain finance.
PSA: I now consider *all* of DeFi unsafe.
— Manuel Aráoz (@maraoz) May 26, 2026
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
DefiLlama data shows that more than $1.1 billion has been lost to DeFi hacks over the past 365 days, including April's $292 million Kelp DAO exploit, which exposed how vulnerabilities in cross-chain infrastructure can quickly spill into the broader ecosystem. Solana-based Step Finance, meanwhile, shut down earlier this year after a $27 million exploit left the project unable to recover.
Araoz's comments also arrive as Anthropic has warned that its restricted Claude Mythos AI model can autonomously discover software vulnerabilities and develop working exploits at a level the company says surpasses existing automated tools.
That raises uncomfortable questions for DeFi, whose core security model was designed around human attackers operating at human speed.
DeFi's transparency, long marketed as a strength, could become a liability if machine systems can scan publicly available smart contract code, identify weaknesses and weaponize them faster than defenders can patch them.
cryptobriefing.com
crypto.news