AI coding agents have made all of DeFi insecure, security expert says.




Critics argue that most recent crypto hacks are the result of operational failures.

Manuel Araoz, co-founder of smart contract security firm OpenZeppelin, on May 26th publicly declared all of DeFi, blue-chip protocols included, insecure, with a clear recommendation that people get out of DeFi.

According to him, AI-powered code agents have tilted the security game so far in favor of attackers that no protocol can be trusted to hold user funds.


Araoz's warning

The software engineer wrote in a post on X:

“PSA: I consider all DeFi insecure now.”

He also said that he has been personally advising friends and family to exit all DeFi positions, naming Aave, MakerDAO and Compound as protocols that are no longer safe.

His reasoning is based on asymmetry: defenders need to find and fix every vulnerability, while attackers only need one to inflict damage. Now that AI coding agents can scan smart contracts faster and more thoroughly than any human security team can, Araoz believes that asymmetry has become decisive.

OpenZeppelin itself recently noted that crypto companies lost more than $3.4 billion to hacks in 2025. But much of the blame for that theft lay not with smart contract bugs but with compromised credentials, operational failures and code shipped between audits.

In April of this year alone, more than $650 million was stolen. Of that amount, $292 million came from an exploit of KelpDAO, and another $285 million was drained from Drift Protocol in an attack that experts say followed months of social engineering.


Pushback from X users

Against that backdrop, Araoz's warning was dire, but the pushback was immediate. One critic of the post, Marc Zeller, founder of the Aave Chan Initiative, was having none of it.

His counter was data-driven. Last year, he pointed out, less than 10% of DeFi incidents stemmed from code-level vulnerabilities; the rest, he says, trace back to poor risk parameters, lapses in safeguards and weak operational security, not AI-assisted exploitation.

Several others echoed Zeller's view, albeit with less heat. Sam MacPherson, founder of Phoenix Labs, said the smart contracts of blue-chip DeFi platforms are “pretty safe right now” and pointed to OpSec failures as the real culprit behind many of the recent major hacks.

Another X user, Polaris Finance developer Robert, made a similar distinction, saying that actual smart contract exploitation is “almost non-existent right now.” He added that recent breaches have mostly involved centralized components that remain under human control, rather than the immutable underlying code.

Ethereum co-founder Vitalik Buterin has a different take on the impact of AI on crypto security, writing earlier this month that AI-assisted formal verification will make crypto systems more secure over time. In his view, developers can use AI to write both the code and the mathematical proofs of its correctness.
