OpenZeppelin Co-Founder Says All of DeFi Is Unsafe

  • OpenZeppelin co-founder says all DeFi is unsafe, including blue-chip Aave, MakerDAO and Compound.
  • AI coding agents now find smart contract vulnerabilities at superhuman speed, faster than defenders can patch them.
  • Public release of the Mythos tool could be catastrophic for DeFi; 20 large companies reportedly formed a cartel before launch.

Manuel Aráoz, co-founder of OpenZeppelin, posted a public service announcement that stopped the DeFi community in its tracks.

“I now consider all of DeFi unsafe. I’ve been privately advising friends and family to exit all DeFi positions including low-risk blue chips like Aave, MakerDAO and Compound,” he wrote.

This is not a warning from an outsider. OpenZeppelin has audited the smart contracts of Aave, Compound, MakerDAO, Uniswap, and Coinbase. Aráoz co-founded the firm that much of the DeFi ecosystem relies on to find vulnerabilities before attackers do.

Why AI Changes Everything

His argument is structural. AI coding agents have reached superhuman capability in finding smart contract vulnerabilities. The asymmetry of DeFi security has always been brutal, and AI makes it worse.

Defenders must find and fix every single bug. Attackers need just one. That gap has always existed. What changed is the speed and capability of the tools available to attackers. An AI agent scanning for exploits does not get tired, is far less likely to miss an edge case, and does not need full context on a protocol to find the one path that drains the funds.

The Mythos Factor

The conversation escalated quickly. Analyst Evanss6 referenced a tool called Mythos, warning that its public release would be the equivalent of a catastrophic attack on DeFi.

“yea defi is totally cooked post mythos. They had to make a cartel with 20 big companies before releasing it to the public,” one expert said.

Udi Wertheimer expanded the concern beyond Ethereum DeFi. “Is there any reason to believe crowd favourites like Hyperliquid and Polymarket are somehow immune?”

The Counter Argument

Analyst nairolf pushed back and argued that 99.9% of exploits are still human mistakes and bad opsec, not superintelligent AI. He also pointed to tokenised stocks, RWAs, and perpetuals moving on-chain as genuinely new strategies rather than signs of a dying sector.

Crypto investor Christopher Perkins identified two structural problems in perpetual DEXs, security and counterparty risk, and said both are actively being fixed.

The Context

Total DeFi TVL has declined by more than 50% since October. Polymarket suffered a $660,000 key compromise earlier this month. The GitHub breach demonstrated that even sophisticated infrastructure can fall through a single compromised tool.

When the co-founder of the firm that audited DeFi’s biggest protocols quietly tells his own family to get out, the market listens. Whether he is right is a question the next major exploit will answer.


Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.