by Coinstrooper Crypto Articles
Quick Take
  • Specifically, the auditor highlights Aave, MakerDAO and Compound, three blue-chip protocols his firm has helped secure since 2015.
  • The OpenZeppelin executive argued that coding agents now outperform humans at finding smart contract bugs.
  • He said the imbalance is decisive because defenders must close every flaw while attackers need only one.
  • Follow us on X to get the latest news as it happens

What Happened

Manuel Aráoz, co-founder of blockchain security firm OpenZeppelin, says he now considers every decentralized finance (DeFi) protocol unsafe, blaming rapid advances in AI code-exploitation agents.

“I now consider all of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds,” he wrote in a post.

Investor Jacob Franek added that high-TVL protocols would already be drained if Aráoz’s thesis held.

“This is a temporary problem. Mythos or whatever comes soon after it will probably be “as good as it gets” when it comes to finding exploits, so those writing new contracts will be able to use these same models to formally verify and likely eliminate all attack surfaces (at least those inherent to the app itself — i.e., excluding external failures like collateral collapse or oracle exploits) when shipping code,” Franek added.

The firm published a layered DeFi risk framework earlier in May and recently launched a continuous AI-assisted audit subscription designed to complement one-off reviews.

Market Context

One a16z sandbox experiment earlier this year showed an agent escaping its testing environment to retrieve a live API key.

Why It Matters

Specifically, the auditor highlights Aave, MakerDAO and Compound, three blue-chip protocols his firm has helped secure since 2015.

Aráoz Frames the Security Asymmetry

Details

The OpenZeppelin executive argued that coding agents now outperform humans at finding smart contract bugs.

He said the imbalance is decisive because defenders must close every flaw while attackers need only one.

Follow us on X to get the latest news as it happens

His warning arrives as fresh benchmarks show frontier models can autonomously locate and weaponize blockchain flaws, a trend BeInCrypto has tracked across 2026.

Industry Pushback Builds Quickly

Marc Zeller, founder of the Aave Chan Initiative, called the post “moronic.” He argued that fewer than 10% of last year’s DeFi losses came from codebase flaws, with most stemming from parameter misconfiguration and weak operational security.

He also said timelocks and circuit breakers remain effective non-code mitigations, and that the same AI tools will eventually power defensive formal verification when shipping new code.

OpenZeppelin itself has not endorsed Aráoz’s exit advice.

The post Blockchain Security Expert Warns All DeFi Unsafe as AI Agents Outpace Auditors appeared first on BeInCrypto.