OpenZeppelin Co-founder: "All DeFi is insecure," has advised friends and family to withdraw funds

BlockBeats News, May 27th, co-founder of crypto security company OpenZeppelin, Manuel Aráoz, posted on social media that he now believes "all DeFi" is insecure. He revealed that he has started advising friends and family to exit all DeFi positions, even supposedly low-risk positions in "blue-chip" protocols like Aave, MakerDAO, and Compound.

Aráoz pointed out that there is an asymmetry between attackers and defenders in security incidents. "The auditing agents are way better at finding vulnerabilities, the security of smart contracts is too asymmetric. Defenders need to fix every bug, while attackers only need to find one bug to steal funds."

This comment reflects a heightened concern in the market about DeFi security after a series of major security incidents in recent months. Data shows that in April, DeFi protocols were hacked for nearly $630 million, making it the worst month since the $1.5 billion hack of Bybit in February 2025. The exploits in April, such as Drift ($285 million) and Kelp DAO ($293 million), are widely believed to be linked to a North Korean government-backed hacker.

Market confidence in DeFi has been significantly shaken, with the total value locked in protocols dropping by about 14% since mid-April, from around $172 billion to $148 billion. There have been 25 security incidents in May so far, including the Verus Network cross-chain bridge exploit losing $11.6 million and the prediction market platform Polymarket admitting a security vulnerability of around $570,000.