Highlights:
- OpenZeppelin founder Manuel Aráoz warned users to exit DeFi positions after repeated crypto exploits.
- DeFi exploits crossed $629 million in April after major attacks hit Drift Protocol and Kelp DAO.
- The founder said attackers now find smart contract vulnerabilities faster than developers fix them.
OpenZeppelin co-founder Manuel Aráoz said in a Tuesday post on X that he now considers “all of DeFi” unsafe after months of major crypto exploits. Aráoz said he privately advised friends and family to exit all decentralized finance positions. He shared the warning after repeated bridge exploits, liquidity pool drains, and private key breaches hit DeFi protocols across multiple blockchain networks.
Advertisement
OpenZeppelin Co-Founder: All of DeFi Is Unsafe
OpenZeppelin co-founder Manuel Aráoz stated that he now believes “all of DeFi is unsafe” due to AI coding agents reaching superhuman capability in vulnerability discovery and the highly asymmetric nature of smart contract security.… pic.twitter.com/8aotT2ikWD
— Wu Blockchain (@WuBlockchain) May 27, 2026
Aráoz said attackers now exploit smart contract vulnerabilities faster than developers can secure decentralized finance systems. Aráoz also said developers must fix every vulnerability before hackers exploit blockchain applications. He added that attackers only need one successful exploit to steal millions of dollars from DeFi users and protocols.
Aráoz included Aave, MakerDAO, and Compound in his warning despite their large liquidity reserves and long operating history. Aave, MakerDAO, and Compound hold some of the largest total value locked figures across decentralized finance markets. However, Aráoz said repeated exploits have weakened investor confidence across both smaller and larger decentralized finance projects.
Aráoz Says Smart Contract Security Model Is Failing Across DeFi
Manuel Aráoz said advanced exploit techniques are bypassing the existing smart contract security systems across DeFi protocols. He said automated coding tools now discover vulnerabilities faster than developers can patch blockchain applications. Aráoz also said attackers are improving exploit strategies across Ethereum, Base, Sui, and other decentralized finance ecosystems.
Aráoz shared the concerns after DeFi protocols recorded their worst monthly exploit losses since hackers stole $1.5 billion from Bybit in February last year. DefiLlama data showed that attackers stole roughly $630 million from 29 DeFi protocols during April.
The crypto industry is witnessing a big spike in security breaches.
Data from DeFiLlama and industry reports confirm that April 2026 saw a record 29 hacks, the highest monthly incident count in history.
Over $635 million was lost in April alone, primarily driven by the Drift… https://t.co/KpM59tXxdL pic.twitter.com/xrqIA5l3v5
— Ali Charts (@alicharts) May 2, 2026
Hackers stole nearly $285 million from Drift Protocol after conducting a six-month social engineering campaign against the platform. Attackers also stole roughly $293 million from Kelp DAO after exploiting vulnerabilities inside its cross-chain bridge infrastructure. Blockchain investigators linked the Drift Protocol and Kelp DAO exploits to North Korean state-backed hacking groups after tracing attack patterns.
DefiLlama data showed that total value locked across DeFi protocols dropped after major exploits hit Drift Protocol and Kelp DAO. The total value locked across DeFi protocols fell from $172 billion to $148 billion after repeated exploit incidents weakened investor confidence. Security researchers also said bridge vulnerabilities, privileged access failures, and operational mistakes caused several recent DeFi exploit losses.
Smaller May Exploits Continue to Hit Bridges And Trading Platforms
Several DeFi protocols have reported new exploit incidents during May, after April hacks caused more than $629 million in losses. Attackers stole about $11.6 million from Verus Network after exploiting weaknesses inside its Ethereum bridge infrastructure.
In addition, attackers stole roughly $5.5 million from Wasabi Protocol across Ethereum, Base, Blast, and Berachain networks during an active exploit. Attackers also stole nearly $3.46 million from Sweat Economy after draining about 65% of the platform’s liquidity pool within 30 seconds. Sweat Economy said crypto exchange MEXC froze part of the stolen assets after attackers drained the liquidity pool.
Attackers also stole nearly $1.1 million in USDC from Aftermath Finance’s perpetuals platform on the Sui blockchain. Blockchain security firm Blockaid said the attacker used 11 transactions within 36 minutes to steal the funds from the protocol.
eToro Platform
Best Crypto Exchange
- Over 90 top cryptos to trade
- Regulated by top-tier entities
- User-friendly trading app
- 30+ million users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Advertisement
