DeFi Security Fears Grow as OpenZeppelin Founder Issues Warning

TLDR

• Manuel Aráoz said he now considers all DeFi protocols unsafe because of rising exploit risks.
• OpenZeppelin warned that audits alone are no longer enough to protect DeFi platforms.
• DeFi protocols lost nearly $630 million to exploits during April 2026.
• AI coding agents are making it easier for attackers to find smart contract vulnerabilities.
• DeFi total value locked dropped sharply after several major protocol breaches.

Manuel Aráoz, co-founder of OpenZeppelin, said he now considers “all of DeFi” unsafe as attacks against decentralized finance protocols continue to rise.

In a post shared on X on May 26, Aráoz stated that he had advised friends and family to exit DeFi positions, including holdings in established protocols such as Aave, MakerDAO, and Compound. He linked his concerns to what he described as an ongoing imbalance between attackers and defenders in smart contract security.

The comments followed a sharp increase in DeFi-related hacks and exploits during April. According to data from The Block and DefiLlama, nearly $630 million was stolen from DeFi protocols during the month. The figure marked the highest monthly loss level since the February 2025 Bybit hack.

Major Protocols Suffer Large Exploits

Several high-profile protocols were affected by attacks in April. Kelp DAO lost around $293 million after attackers targeted a cross-chain bridge vulnerability. Drift recorded losses of roughly $285 million after a social engineering attack that reportedly lasted six months.

Euler also suffered a major exploit that drained approximately $197 million. Reports linked both the Drift and Kelp DAO attacks to North Korean state-backed hacking groups.

DefiLlama data showed there were 27 reported DeFi exploit cases in April alone. Activity has continued into May, with 25 exploits recorded so far, although losses have been smaller compared to the previous month.

Among the recent incidents, Verus Network lost $11.6 million after its Ethereum bridge was compromised. Prediction market platform Polymarket also disclosed a $573,200 security breach that may have involved a compromised private key tied to internal wallet operations.

AI Tools Add Pressure on Smart Contract Security

Aráoz said artificial intelligence tools are changing the threat environment for DeFi developers and security researchers. He explained that advanced coding agents can review smart contract code at high speed and identify weak points more efficiently than before.

The warning reflects broader concerns within the crypto sector that AI-assisted attacks may increase the frequency of exploits. Security firms have increasingly focused on continuous monitoring and layered defenses instead of relying only on smart contract audits.

On May 12, OpenZeppelin released a framework called the “Four Layers of DeFi Risk.” The framework was designed to help institutions assess security risks linked to decentralized finance protocols and digital asset exposure.

The framework stated that audits alone are no longer enough to reduce risks in DeFi systems. It recommended continuous threat monitoring, operational controls, and multiple security layers as part of a broader defense strategy.

DeFi Market Activity Declines After Attacks

The recent exploits have also affected activity across the DeFi market. Data showed that total value locked across DeFi protocols dropped by about 14% since mid-April.

DeFi TVL fell from nearly $172 billion to around $148 billion during the period. The decline came as traders and investors reacted to ongoing security incidents across major protocols.

Despite the losses, developers and security firms continue working on updated protection methods as attacks become more advanced. Aráoz’s remarks have added to the ongoing discussion around whether current DeFi security practices can keep pace with faster and more automated exploit methods.

The post DeFi Security Fears Grow as OpenZeppelin Founder Issues Warning appeared first on CoinCentral.