Manuel Araoz, a co-founder of OpenZeppelin, believes the entire decentralized finance (DeFi) space is currently vulnerable. He cautions that AI-powered coding tools are giving attackers an advantage that security professionals will struggle to overcome.
The person who helped write DeFi’s security rulebook now thinks the game is broken.
Manuel Araoz, who co-founded OpenZeppelin, recently warned that AI-powered coding tools are now incredibly good at discovering weaknesses in software. He pointed out a major problem with smart contract security: developers have to fix *every* potential issue, but hackers need to find only *one* to exploit.
Blue Chips Are Not Safe, He Told People Closest to Him
Despite warnings, Araoz revealed on X that he’s been urging his friends and family to sell all their investments in DeFi (decentralized finance). This includes even protocols generally seen as safe. He specifically mentioned Aave, MakerDAO, and Compound, not because he believes they’re doing anything wrong, but because he doesn’t think they can succeed in the current environment.
Security issues continue to plague the DeFi world in 2026. Recently, a liquidity provider for 1inch lost almost $6.7 million due to an attack on a resolver contract. Investigators believe the same hacker was responsible for a similar incident in 2025, but exploited a different weakness.
One person on X pointed out that smart contracts are permanent and can’t be removed once created. Because they’re publicly visible on the blockchain, they’re essentially an open book – a true ‘honeypot’ in the simplest terms.
The Community Pushed Back, But Not on the Core Math
Aave developer Marc Zeller strongly disagreed with a recent statement on X (formerly Twitter), claiming that the vast majority of DeFi incidents last year weren’t caused by problems in the code itself. Instead, he explained that losses usually stemmed from issues like incorrect settings, insufficient collateral, and weak security practices.
Sam MacPherson, who goes by hexonaut on X, made a similar point. He argued that the recent large-scale hacks weren’t due to flaws in the code itself, but rather to basic security mistakes. He believes that well-established code is generally secure now, though this didn’t address the idea that losses are still much bigger when hacks *do* happen.
A user on X pointed out that the discussion was focusing on the wrong issue. They explained that established crypto protocols with a proven track record and no security breaches are generally safe. The real risks, they argued, come from new, unverified contracts often used for quick profits.
AI as Red Team: The Other Side of the Argument
Diego Sierra noted on X that while identifying vulnerabilities is a risk, the same tools can also be helpful for testing contract stability. He acknowledged this presents a challenge for developers, but isn’t necessarily a fatal flaw.
This isn’t the first time this has happened. Earlier this year, a mistake in code created by AI led to a loss of $1.78 million for one online platform. This event has sparked a discussion about how much independent control AI coding tools should have when working on live systems.
Rekt Academy, a company that teaches developers, agreed with Araoz’s point about the imbalance of power, sharing their response on X (formerly Twitter). They announced they’re creating new tools to address the issue. They also stated that cybersecurity will be increasingly critical, and the financial risks are significant. However, another X user, Ab, offered a contrasting view: thoroughly testing a system before launch could actually give developers *more* control, not less.
Tokenized Assets Are Next, One Respondent Said
Julia Suontama noted on X that discussions with Wall Street firms increasingly reveal a belief that decentralized finance (DeFi) isn’t yet mature enough for mainstream adoption, with a timeline of early 2026 often mentioned. She argues that institutions shouldn’t be forced to use public blockchains, and instead should focus on developing solutions specifically designed for their needs.
An X user named iagadanight raised a broader point: if decentralized finance (DeFi) platforms are vulnerable, then tokenized assets built on those same platforms are also at risk. They simply warned, “Next up tokenized assets,” leaving the implication to speak for itself.
Araoz hasn’t publicly addressed the criticism regarding the “blue-chip” label. A Twitter account called militereum explained it simply: smart contracts aren’t encrypted and are permanently recorded on the blockchain. This means code can be analyzed and exploited at a later time, giving those who write and understand code a lasting advantage.
2026-05-27 21:05