
Is All DeFi Unsafe? Industry Leaders Push Back After Openzeppelin Founder Warns Retail to Exit Blue-Chips

Manuel Aráoz, a co-founder of Openzeppelin, recently caused a stir in the crypto world by suggesting that decentralized finance (DeFi) isn’t safe. However, other leaders in the industry disagree, arguing that he’s exaggerating the risks. They highlight that the security of DeFi lending has significantly improved – by about 98% – since 2020.

Key Takeaways:

  • Openzeppelin founder Manuel Aráoz’s recent comments reignited DeFi security fears.
  • 0G Labs CEO Heinrich noted a 98% lift in lending safety since 2020, undercutting claims that all DeFi is unsafe.
  • Cysic founder Leo Fan eyes a fivefold insurance surge by 2029 and urges regulators to target opsec over AI code.

Shifting From Drama to Data

When Openzeppelin co-founder and former Chief Technology Officer (CTO) Manuel Aráoz characterized decentralized finance (DeFi) as entirely unsafe, it rattled an industry already reeling from a spike in hacks. Highlighting that vulnerability, a recent analysis by blockchain security firm Peckshield found that cross-chain protocol exploits alone drained $328.6 million between the start of the year and mid-May.

Aráoz’s viral warnings forced Openzeppelin to publicly distance itself from some of his claims, but the remarks succeeded in sparking a fierce debate over DeFi security. Still, critics dismissed his dramatic language as a self-serving attempt to stir fear and panic. Others, like Leo Fan, founder of Cysic, believe the framing undermines the credibility of a message that has a real core.

Fan explained that framing a necessary warning as a complete shutdown creates unnecessarily negative and alarming content. He believes that focusing on data and numbers is more effective at getting people to take action than creating drama.

The same sentiment is echoed by Michael Heinrich, co-founder and CEO of 0G Labs, who points to the approximately 98% improvement in DeFi lending security from its 2020 baseline. Heinrich also highlights the markedly reduced daily loss rates on major lending protocols, now around 0.001%, as another factor that undercuts Aráoz’s “all DeFi is unsafe” comments.

“Telling retail to exit blue-chips like Aave and Maker doesn’t match the actual risk-adjusted picture,” Heinrich told Bitcoin.com News.

In making the argument against DeFi, Aráoz insisted that artificial intelligence (AI) coding agents have become incredibly advanced at scanning open-source smart contracts and identifying complex exploitable flaws at machine speed. The threat posed by these agents is so great that he has privately advised his friends and family to completely exit their positions in major, long-established “blue-chip” DeFi protocols.

The Death of the Static Audit

Heinrich and Fan believe that even with the emergence of incredibly powerful AI attackers, security professionals shouldn’t give up. They argue that it’s time for a major change in the way the security industry operates.

According to Fan, traditional security audits are becoming obsolete, even though the industry hasn’t fully acknowledged it yet. He cautions against thinking that bug bounty programs can completely replace audits. Instead of choosing between preventing problems and simply detecting them, we should focus on closing the gap and doing both.

According to Heinrich, relying on an annual audit is no longer a credible defense. Instead, the future of smart contract security relies on a machine-speed, layered defense pipeline where audits serve as the first checkpoint rather than a single event. He outlined a four-layer security stack: pre-deployment AI-assisted audits paired with human review, continuous post-deployment monitoring, well-funded bug bounties, and verifiable AI on the defender side.

Heinrich explained that the main aim is to use mathematical proofs – a rigorous, objective method – to verify the most important parts of a system, combined with ongoing AI-powered checks that simulate how hackers might try to exploit live contracts.

He explained that audits aren’t something to be feared, but rather the initial step in building a robust and rapid security system.

Beyond preventative security pipelines, the conversation around risk mitigation inevitably turns to insurance, a primitive that Heinrich notes remains severely underdeveloped in the crypto ecosystem. According to Heinrich, a few structural hurdles keep the decentralized insurance sector constrained. First, insurance pools lock up capital that could otherwise earn active yield elsewhere in DeFi.

To illustrate this point, Heinrich points to market leader Nexus Mutual, which holds approximately $190 million against a broader DeFi market that fluctuated between $40 billion and over $100 billion in total value locked. Heinrich notes that this capital ratio is structurally thin. Another hurdle is defining what constitutes an on-chain exploit, which he describes as a non-trivial exercise.

Heinrich believes that requiring insurance for all blockchain protocols won’t encourage wider use. He suggests the focus should be on creating better, more innovative products instead.

According to Heinrich, the key to real progress lies in financial products built on blockchains that automatically make payments based on confirmed data, and in protocols that include insurance as a standard part of the service – similar to how clearing fees function in traditional finance.

Regulating Operations, Not Just Code

Right now, there isn’t much insurance available in the decentralized finance world, but interest is increasing quickly. Coinlaw predicts the market for this type of insurance will grow almost five times over by 2029, according to their forecast from March 2026.

“The capital is coming,” Heinrich noted. “What’s missing is the product surface to deploy it.”

The growing use of fast, automated security systems in the digital asset industry is prompting a debate about how much government oversight is needed. While regulators are paying closer attention to security risks, Fan warns they might be overly concerned with threats like dangerous AI, potentially overlooking more pressing issues.

According to Fan, regulators shouldn’t worry too much about hackers *using* AI. Instead, they should concentrate on protecting the fundamental parts of the system where money is at risk – things like secure storage of funds, how decisions about accessing those funds are made, the security of connections between different systems, and how quickly and effectively problems are handled.

Fan believes that if watchdogs focused on securing the everyday practices of crypto projects, they could prevent most financial losses. He cautions that concentrating solely on the code of smart contracts – and ignoring how these systems are actually run – is a mistake, like addressing a small part of the problem while overlooking the much larger one.

Fan also highlighted an often-overlooked but crucial technology: advanced cryptography.

Instead of relying on PDF audit reports, Fan argues that cryptographic proof – like zero-knowledge proofs – demonstrating code execution and correctness is a much stronger foundation for compliance. This approach is verifiable through mathematical evidence, rather than requiring trust in a third party, and is where he believes regulators should focus their efforts.


2026-05-31 09:57