DeFi Unsafe? Crypto Security Chief Warns of AI Threat

A former crypto security chief warns that all of decentralized finance, or DeFi, is now unsafe. Manuel Aráoz, founder of blockchain security company OpenZeppelin, stated that coding agents are "superhuman" at finding vulnerabilities. He believes smart contract security is asymmetric, meaning defenders must fix every bug while attackers only need one exploit. Aráoz, who was OpenZeppelin's technology chief from 2015 to 2019, has advised friends and family to exit all DeFi applications, including major platforms like Aave and MakerDAO. This warning comes as the DeFi sector saw a high frequency of attacks, with April being the worst month on record. However, other DeFi stakeholders, including Aave founder Stani Kulechov, disagree. They attribute recent hacks to operational security failures, not smart contract vulnerabilities. OpenZeppelin also disavowed Aráoz's remarks, stating that AI is also a powerful defensive tool for better security. But not everyone is convinced. A Web3 OPSEC researcher notes that most projects are poor at operational security. He highlights that in DeFi, once a protocol is hacked, all funds are often gone forever, leading to the end of the protocol. This situation matters because it raises questions about the fundamental security of digital assets for anyone involved in DeFi.