OpenZeppelin CEO Manuel Araoz said he now considers “all” decentralized finance (DeFi) dangerous because coding officers became “superhuman” when they found vulnerabilities in a paper published Wednesday.
The warning from one of crypto’s top security officials comes as the total value locked in DeFi has fallen by more than $20 billion since the start of the year, according to data from DeFiLlama. While this partly reflects broader weakness in crypto prices, the sector has also been hit by a steady stream of exploits that continue to test confidence in on-chain finance.
PSA: I now consider *all* DeFi dangerous.
Coding agents are superhuman at detecting vulnerabilities, and smart contract security is too asymmetric: defenders must fix every bug while attackers only need a single exploit to steal funds.
– Manuel Aráoz (@maraoz) May 26, 2026
Data from DefiLlama shows that more than $1.1 billion has been lost to DeFi hacks over the past 365 days, including April’s $292 million Kelp DAO exploit, which revealed how vulnerabilities in cross-chain infrastructure can quickly ripple through the broader ecosystem. Solana-based Step Finance, meanwhile, closed its doors earlier this year after a $27 million exploit prevented the project from recovering.
Araoz’s comments also come as Anthropic warned that its restricted AI model Claude Mythos can autonomously discover software vulnerabilities and develop functional exploits at a level that the company says outperforms existing automated tools.
This raises uncomfortable questions for DeFi, whose core security model was designed around human attackers operating at human speed.
DeFi’s transparency, long touted as a strength, could become a liability if IT systems can analyze publicly available smart contract code, identify weaknesses and weaponize them faster than defenders can fix them.
