The decentralized finance (DeFi) ecosystem is facing an existential security paradigm shift. Manuel Araoz, the founder and former CEO of top-tier smart contract security firm OpenZeppelin, has issued a stark warning: he now considers the entirety of DeFi unsafe due to the rapid rise of “superhuman” artificial intelligence coding agents.
The Asymmetry of Smart Contract Security
According to Araoz, the fundamental problem lies in the asymmetric nature of blockchain defense. While developers must write flawless code and patch every single potential vulnerability, an attacker only needs to find one minor oversight to drain millions of dollars in assets.
“I now consider *all* of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.”
This warning comes at a turbulent time for onchain finance. According to data from DeFiLlama, the total value locked (TVL) in DeFi protocols has plummeted by over $20 billion since the beginning of the year. While market volatility plays a role, a relentless wave of exploits has severely damaged investor confidence.
DeFi Security Losses in Numbers
- Total Lost (Past 365 Days): Over $1.1 billion drained via smart contract exploits.
- Kelp DAO Exploit: $292 million lost in April due to cross-chain infrastructure vulnerabilities.
- Step Finance: Forced to shut down after a devastating $27 million exploit on Solana.
Superhuman AI: The New Threat Vector
The threat is no longer theoretical. AI lab Anthropic recently warned that its restricted Claude Mythos model can autonomously discover software vulnerabilities and build functional exploits. This capability far exceeds traditional automated static analysis tools, allowing AI to think creatively about how to break code.
For years, DeFi advocates pointed to open-source transparency as a primary strength. However, in an era where AI agents can scan public GitHub repositories and smart contracts instantly, this transparency becomes a massive liability. Machines can identify and weaponize bugs faster than human security teams can write, test, and deploy patches.
FAQs
Why does the OpenZeppelin founder consider DeFi unsafe?
Manuel Araoz believes that AI coding agents have achieved “superhuman” capabilities in finding smart contract bugs. Because security is asymmetric—defenders must be perfect, while attackers only need one flaw—AI-driven exploits make the current DeFi ecosystem highly vulnerable.
How much money has been lost to DeFi exploits recently?
Over the past year, more than $1.1 billion has been lost to hacks, including the $292 million Kelp DAO exploit and the $27 million Step Finance attack, which led to the project’s closure.
What makes AI a unique threat to smart contracts?
AI models like Anthropic’s Claude Mythos can autonomously analyze public code, discover complex logical flaws, and write exploits at machine speed, bypassing the human-paced security audits that protocols rely on.
