- OpenZeppelin co-founder Manuel Aráoz says all DeFi is unsafe, citing AI agents’ ability to find smart contract flaws.
- Aráoz’s warning comes as Coinbase’s Base launches AI tools that let users manage wallets and DeFi apps via chat.
OpenZeppelin co-founder Manuel Aráoz has issued one of the sharpest warnings yet on decentralized finance, saying he now considers all DeFi unsafe and has privately advised friends and family to exit every position.
Aráoz posted the warning on X on Tuesday, citing a growing security gap between protocol teams and attackers. He said coding agents have become “superhuman” at finding vulnerabilities, while smart contract defense remains uneven. In his view, developers must fix every possible bug, while attackers need only one missed flaw to drain funds.
His comments carry weight in Ethereum security circles. OpenZeppelin is a major smart contract security firm known for developer libraries, audits, monitoring tools, and security standards across Ethereum and other EVM networks. Aráoz helped build that security stack and has written for years about smart contract risk, including past Ethereum application failures and safer contract design.
PSA: I now consider *all* of DeFi unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
— Manuel Aráoz (@maraoz) May 26, 2026
The warning did not focus only on small or experimental protocols. Aráoz said he includes lower-risk “blue chip” DeFi platforms such as Aave, MakerDAO, and Compound in his advice to exit. That framing drew attention as those protocols often sit near the safer end of DeFi risk discussions.
Recent exploit data adds pressure to the debate. DeFi suffered a difficult April, with nearly $630 million reportedly stolen from protocols. Two large attacks dominated the month: a $285 million Drift exploit linked to a long social engineering scheme, and a $293 million Kelp DAO exploit tied to a cross-chain bridge weakness. Reports have attributed both attacks to North Korea-linked hackers.
AI Agents Raise a Different DeFi Debate
Not all crypto executives share Aráoz’s broad conclusion. A contrary view argues that AI agents are now moving into DeFi as a new user interface and automation layer, rather than destroying the sector. This view does not deny security risks, but it treats agentic systems as part of DeFi’s next stage.
Speakers at Consensus Miami 2026 pointed to lending markets, stablecoins, tokenized assets, and smart contracts as rails that already operate at scale. They also argued that autonomous AI agents will need open financial infrastructure to hold funds, move assets, trade, and settle activity.
That argument gained more attention after Coinbase’s Ethereum Layer 2 network Base launched Base MCP. The tool connects a Base Account to AI clients such as ChatGPT, Claude, and Cursor through the Model Context Protocol. It allows users to ask an agent to send funds, swap tokens, check balances, review transaction history, and interact with DeFi apps on Base.
Base MCP also launched with DeFi integrations, including Uniswap, Morpho, Moonwell, and Avantis. Supporters say these tools may make crypto easier to use by moving complex wallet and protocol steps into conversational prompts. Still, that same shift may widen the security surface if users approve actions they do not fully understand.
Aráoz’s warning lands at a tense moment for DeFi. Security experts see faster vulnerability discovery, more advanced attacker tooling, bridge risk, private key compromise, and social engineering as active threats. Builders and investors, meanwhile, point to growing institutional interest, tokenized assets, and AI-native financial rails as signs that DeFi infrastructure keeps expanding.






