Crypto projects in the decentralized finance (DeFi) sector have faced a wave of security incidents lately, and now, one of the earliest figures in smart contract auditing has declared the entire DeFi space unsafe. This point of view was shared on X by Manuel Aráoz, co-founder of OpenZeppelin. He has gone so far as to privately advise friends and family to exit all DeFi positions, including what many view as low-risk “blue chips” such as Aave, MakerDAO, and Compound.
Aráoz pointed to advances in artificial intelligence as the core reason for this shift in the reliability and trustworthiness of DeFi apps. “Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds,” he explained.
Late last year, Anthropic released data showing AI agents had become far more capable at spotting and potentially exploiting bugs in crypto smart contracts. At that stage, the progress mostly involved issues humans had already identified. Things shifted earlier this year with the release of Anthropic’s Mythos model. The system is so powerful that Anthropic keeps it under tight restrictions and makes it available only to a limited group of partners. According to Anthropic, it has uncovered critical bugs in software that had run in production environments for decades without anyone noticing the flaws. Due to the security implications for the crypto space, exchanges, such as Coinbase, have reportedly reached out to Anthropic to gain access to Mythos.
To Aráoz’s point, a major DeFi hack last year sent a chill across the DeFi sector because it hit a vulnerability in a smart contract that had operated in the wild for years, survived multiple audits, and carried a reputation for being solid. The $120 million exploit itself played out in a way that echoed the penny-skimming scheme from the movie Office Space.
More recently, April stood out as the worst month on record for the sheer volume of crypto hacks, with incidents occurring at a pace of nearly one per day. North Korea has been linked to the vast majority of funds stolen through these attacks this year, though the regime issued a rare denial of involvement last month.
Just this past weekend, another incident occurred when stablecoin issuer StablR saw its system compromised. The setup relied on a 1-of-3 multisignature wallet for minting, meaning a single key could approve actions, and an attacker gained control of one key, added themselves as administrator, removed the legitimate operators, and minted roughly $13.5 million in unbacked stablecoins. They swapped the tokens on decentralized exchanges and walked away with around 1,115 ether, valued near $3 million at the time.
As the StablR incident illustrates, not every hack traces back to a smart contract bug. Social engineering and centralized attack vectors often play the decisive role, even in projects that market themselves as decentralized. Admin privileges, key management failures, and poor operational security frequently open the door wider than any code flaw.
Despite these centralized points proving to be repeated weak links, some in the crypto industry agree with Aráoz that a form of gated DeFi may be the only realistic path forward for now. Uttam Singh, senior developer relations engineer at blockchain infrastructure provider Alchemy, called for circuit breakers, timelocks on changes, security councils with emergency halt powers, and rate limits on new asset listings. He argued the space simply is not yet mature enough to run without those safeguards.
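As an added illustration, not code from StablR or any project named here, the following Python model replays the sequence described above (one compromised key adds itself as owner, removes the others, and mints) under a 1-of-3, no-delay setup and again under a 2-of-3 threshold and a timelock of the kind Singh calls for; the owner names, timestamp and mint amount are constructed.

```python
# Added example, not StablR's or any project's code: a minimal model of a
# mint authority governed by an M-of-N key set with an optional timelock.
# Owner names, amounts and timestamps are constructed sample values.

class GovernedMinter:
    def __init__(self, owners, threshold, delay):
        assert 1 <= threshold <= len(owners)
        self.owners = set(owners)     # keys allowed to approve actions
        self.threshold = threshold    # M in M-of-N
        self.delay = delay            # seconds a queued action must wait
        self.minted = 0

    def queue(self, owner, action, now):
        assert owner in self.owners, "only a current owner may queue an action"
        return {"action": action, "at": now, "approvals": {owner}}

    def approve(self, owner, prop):
        assert owner in self.owners
        prop["approvals"].add(owner)  # the same key approving twice is still one vote

    def execute(self, prop, now):
        """Apply the action; return False if the threshold or timelock blocks it."""
        if len(prop["approvals"] & self.owners) < self.threshold:
            return False
        if now < prop["at"] + self.delay:
            return False              # timelock: queued and visible, but not yet live
        kind, _, arg = prop["action"].partition(":")
        if kind == "add_owner":
            self.owners.add(arg)
        elif kind == "remove_owner":
            self.owners.discard(arg)
        elif kind == "mint":
            self.minted += int(arg)
        return True

def single_key_compromise(threshold, delay):
    """Replay the article's sequence with one compromised key ('alice').
    Returns the amount a holder of only that key could mint."""
    m = GovernedMinter(["alice", "bob", "carol"], threshold, delay)
    now = 1_700_000_000
    p = m.queue("alice", "add_owner:rogue", now)
    if not m.execute(p, now):          # blocked by 2-of-3 or held by the timelock
        return m.minted
    for victim in ("bob", "carol"):
        m.execute(m.queue("rogue", f"remove_owner:{victim}", now), now)
    m.execute(m.queue("rogue", "mint:13500000", now), now)
    return m.minted
```

With a timelock the queued change is not executed at all in this model; in practice the delay is the window in which a security council or monitoring can see the pending owner change and halt it.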
Others pushed back sharply. Aave Chan Initiative founder Marc Zeller called Aráoz’s position “a moronic thing to say,” noting that less than 10% of DeFi issues in the past year stemmed from the actual codebase. Some critics went further and labeled Aráoz’s comments as nothing more than fear marketing for the benefit of OpenZeppelin. Aráoz clarified that he had never limited the problem to smart contract code alone; he meant security more broadly, including parameters, mechanism design, and opsec. “Coding agents are superhuman at finding those vulns too, and my point holds,” he wrote.
It should be noted that OpenZeppelin took to X to clarify that Aráoz’s comments do not match the company’s official position on this matter, as Aráoz left the company in 2019. Uniswap founder Hayden Adams and Aave founder Stani Kulechov also pointed out that the same AI tools being used by attackers can also be used for defense, which should, ironically, make these systems even more resilient and secure over time. “DeFi is constantly evolving, but pretending the industry hasn’t matured significantly or that AI is only a net negative for DeFi security is simply not true,” Kulechov posted on X. “The same AI capabilities attackers use are also increasingly used by security researchers, auditors, and whitehats to strengthen protocols. DeFi Will Win”
turing completeness is a bitch https://t.co/ZCs1yRTrSx
— Alex B 👾 (@bergealex4) May 27, 2026
Bitcoin itself is thought to be somewhat safer from the same class of AI-driven attacks. Ethereum and similar platforms rely on Turing-complete smart contract languages such as Solidity, and that design allows for highly complex, stateful logic with countless possible interactions, which expands the attack surface dramatically. Bitcoin’s scripting language, by contrast, is deliberately not Turing-complete and is intended to keep the system simpler and more predictable.
That said, Jack Dorsey’s Block has already launched an initiative called Project Loupe that uses AI agents to proactively scan open-source Bitcoin-related software for vulnerabilities, much as Adams and Kulechov argued in response to Aráoz’s claims. The project generates detailed reports with proof-of-concept test cases and offers free scanning as a service to help maintainers stay ahead. The goal is to flip the asymmetry by giving defenders the same powerful tools attackers are already using.