Top audit expert warns: All DeFi platforms are unsafe, withdraw now!

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

“I believe all DeFi is no longer safe.”

This statement, posted on X yesterday by OpenZeppelin founder Manuel Aráoz, landed like a depth charge, once again rattling an already stagnant DeFi market.

Manuel even said that he has begun advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols once considered low-risk such as Aave, MakerDAO, and Compound.

This is not a warning from an outsider. On the contrary, Manuel himself is one of the core builders of the DeFi security system, and OpenZeppelin is one of the industry’s most mainstream security auditing firms. Its contract libraries, security standards, and audit frameworks have almost permeated the entire DeFi world.

The reason behind Manuel’s complete shift in attitude is AI. Manuel pessimistically believes that AI coding agents are exponentially improving at identifying and exploiting smart contract vulnerabilities.

This means that problems that previously took top white-hat teams weeks to discover might now be scanned by AI in minutes; hackers who once needed long-term research into protocol logic can now have attack paths automatically analyzed by AI; the once “public and transparent” nature of DeFi is now turning into the best training data for attackers.

Manuel also raised a more fundamental issue: smart contract security is an extremely asymmetric game, in which defenders must fix every vulnerability while attackers need to find only one to drain funds. As AI begins to multiply attack efficiency, that asymmetry is tipping further in the attackers’ favor.

Cold reality: DeFi is now a hacker’s cash machine

Looking back at the recent months of DeFi security incidents, you will find Manuel’s concerns are not exaggerated.

April was arguably the worst month in DeFi history.

  • On April 1st, April Fools’ Day, Drift Protocol was robbed of $280 million due to a management permission hijack and multi-signature execution vulnerability (see “April Fools’ Joke? Drift Protocol Lost Over $280 Million, Possibly the Second Largest DeFi Heist on Solana Ecosystem”).
  • Then on April 19th, Kelp DAO was hacked through a breach of its bridge protocol, losing $292 million (see “DeFi Robbed Again for $292 Million, Is Aave No Longer Safe?”). The hackers then moved the stolen funds through Aave and other lending protocols, leaving the whole DeFi ecosystem with bad debt and its ripple effects.

Since May, incidents have not decreased; they have spread further.

  • On May 15th, THORChain was attacked. New node operators exploited a GG20 threshold signature scheme (TSS) vulnerability, reconstructed the vault’s private key, and executed outbound transactions, resulting in over $10 million in losses.
  • On May 18th, Verus’s bridge protocol was attacked. Attackers forged cross-chain import payloads, bypassed verification, and withdrew assets from Ethereum reserves, stealing about $11.58 million.
  • On May 19th, Echo Protocol on Monad was attacked due to private key leakage. Attackers minted 1,000 eBTC (worth $76.7 million) and withdrew funds via previously tested attack paths through Curvance.
  • On May 24th, the compliant stablecoin issuer StablR under the MiCA regulatory system was attacked. Hackers profited over $2.8 million by minting EURR and USDR, causing EURR and USDR to depeg.
  • On May 25th, the SquidRouter module was attacked, and approximately $3 million worth of assets were stolen from 86 Gnosis Safe wallets.
  • On May 27th, StakeDAO’s deployer private key was leaked on Arbitrum. Attackers minted about 5.45 trillion vsdCRV tokens, swapped part of them for 43.7 ETH, and fled.

Frequent security incidents have sounded the alarm. From on-chain code to off-chain management, DeFi seems to be losing ground across the board.

AI Has Become the Hacker’s Nuclear Weapon

Why has DeFi’s attack-and-defense balance collapsed so quickly this summer? Beyond the evolution of traditional hacking techniques, the rapid advance of large AI models is becoming the decisive game-changer.

In the past, finding a complex smart contract vulnerability (especially one involving cross-chain logic, multi-layer nesting, or extremely well-hidden reentrancy) required even top hackers to spend weeks or months on code review. With the maturity of AI agents capable of long-context understanding, strong logical reasoning, and autonomous tool invocation, this has fundamentally changed.

  • Second-level scanning and network-wide zero-day discovery: attackers only need to feed open-source codebases into next-generation AI reasoning models. AI can simulate hundreds of extreme interaction scenarios in seconds, precisely identifying the boundary conditions that a tired human auditor might miss.
  • Automated attack script generation: AI can not only discover vulnerabilities but also automatically write, test, and deploy “hacker smart contracts” to extract funds.
  • Off-chain DevOps and social engineering orchestration: AI can impersonate a convincing developer for phishing, or monitor a DeFi team’s GitHub commits around the clock. Once the team uploads sensitive information or an unverified patch, AI can launch an attack within seconds, far faster than human security staff can respond.

In this AI-empowered contest between offense and defense, hackers wield near-infinite ammunition and second-level attack speeds, while DeFi is held back by slow governance votes, multi-signature confirmations, and delayed security audits, making an effective defense hard to mount.

Last month, Anthropic, the AI development company behind Claude, officially announced their new model Mythos (see “Anthropic Developed the Most Powerful AI Model in History but Did Not Dare to Release…”). It is the first human-made model with over one hundred trillion parameters (compared to current mainstream models with hundreds of billions to one trillion parameters), with a training cost of a staggering $54.5k.

However, due to Mythos’s specialized capabilities in cybersecurity (Anthropic disclosed that within weeks, Mythos identified thousands of zero-day vulnerabilities), the company is even reluctant to publicly release the model to prevent malicious exploitation by hacker groups. Instead, they plan to let top-tier firms test and patch potential vulnerabilities through a “Glass Wing” program.

The current DeFi security situation remains extremely severe. It’s hard to imagine what new threats will emerge once Mythos is publicly released and industry security defenses are challenged anew.

The Biggest Issue: Risk-Reward Ratio Has Long Been Out of Balance

For ordinary DeFi participants, liquidity providers (LPs), and whales, the most pressing task now is to sit down and do the math.

For a long time, users have deposited funds into DeFi seeking annualized yields several times higher than traditional finance. During bull markets or liquidity mining frenzies, yields of 10%, 20%, or even higher were enough to cover their psychological expectations of “potential technical risks.”

But today, this underlying logic has been shaken, if not overturned. The risk-reward ratio in DeFi is now out of balance. On the yield side, as the market settles into a zero-sum contest for existing capital, safety margins have widened and the real yields of most mainstream, relatively reliable DeFi protocols have fallen to single digits. On the risk side, users’ principal sits in a black box that AI-assisted hackers can crack at any moment, where a flash loan can drain funds or wipe out a token within minutes, with no legal, insurance, or central bank backstop.

Losing 100% of principal for a mere 5% annualized return is clearly not a profitable trade.

Manuel’s words may be somewhat absolute, but they have torn away DeFi’s last fig leaf. With hackers using AI as a routine weapon and security incidents continuing unabated, if you are not mentally prepared to lose 100% of your principal in exchange for the yield on offer, then “withdraw quickly and lock in gains” may be the most rational and risk-controlled choice in the current market cycle.
