In late May 2026, what looked like just another "security complaint" on social media abruptly silenced the DeFi community: Manuel Aráoz, co-founder of OpenZeppelin and a security expert with long involvement in smart contract auditing, stated publicly that "All DeFi is unsafe." According to several crypto media outlets citing The Block on May 27, this was no off-hand remark; Aráoz added that for some time he had been privately urging friends and family to withdraw from all DeFi positions, including those generally regarded as low-risk blue chips. Aave, MakerDAO and Compound were all on his list of positions to close. Coming from a co-founder of OpenZeppelin, which has long maintained audit and engineering relationships with many protocols in the Ethereum and DeFi ecosystem, the statement amounts to open fire on the industry's mainstream narrative. Before this, despite ongoing debate about smart contract vulnerabilities, oracles, cross-chain bridges and privileged keys, market confidence in the security of a handful of leading protocols such as Aave, MakerDAO and Compound remained relatively solid. Aráoz's blanket rejection is the first time that confidence itself has been put on trial. The question this article asks is not whether he was being overly emotional, but rather: when even a co-founder of a security company starts advising the people around him to exit, how deep do the cracks run in what DeFi security treats as its "technical consensus"?
A security company's own co-founder talks down the DeFi blue chips
OpenZeppelin is itself the central node of this storm. As the most widely used provider of smart contract security audits and tooling in the Ethereum and DeFi ecosystem, its libraries are imported by countless protocols and its audit reports serve as the "final gate" before many leading protocols go live. Manuel Aráoz is not only a co-founder but has long been deeply involved in smart contract security practice and industry discussion; in a sense, the company he belongs to acts as a guarantor of DeFi's security order. When a core figure of such an organisation stands up and says "all DeFi is unsafe," he is questioning the very security system his company helped build. The impact of such a statement far exceeds that of an ordinary influencer's emotional outburst.
So when he disclosed publicly that he had been urging friends and family to close all DeFi positions, including the positions regarded as low-risk blue chips on Aave, MakerDAO and Compound, and The Block's report was amplified by several Chinese crypto media outlets, the damage extended beyond retail confidence. For protocol teams it was a wake-up call: the narrative that leaned on audit reports and formal verification as safety "amulets" had to be reassessed (an audit attests to a snapshot of the code at review time, not to later upgrades, parameter changes or the handling of admin keys), and product design, permission architecture and even the way "attack surfaces" are described could now come under closer scrutiny. For institutional users and professional capital it meant repricing DeFi positions, folding the structural uncertainty exposed in protocols once treated as "blue chip infrastructure" such as Aave, MakerDAO and Compound into risk premiums and usage limits.
Coding agents accelerate the vulnerability hunt
In Aráoz's description, "coding agents" are not souped-up code auto-completion but a complete set of AI agents that can read code repeatedly, call tools, and generate and validate attack vectors without human supervision. Their "superhuman" quality is stamina rather than insight: however experienced a human auditor is, staying error-free through long, high-intensity reading is hard, whereas an agent can enumerate inputs, paths and boundary conditions around the clock, chaining together static analysers, fuzzers and other existing tools. When a suspicious branch is triggered it can rewrite the proof of concept on its own and keep digging based on the result. For an attacker this means that as long as a contract is public, agents can be left grinding in the background until they surface a workable exploitation path.
This compounds the already lopsided nature of smart contract offence and defence: defenders must remove every exploitable flaw before the code goes live, while an attacker needs only one gap to drain funds. Once a contract is deployed, any fix carries costs such as pauses, upgrades and community decision-making, and the contract stays exposed while those play out; and as AI joins the development side too, the speed and complexity of generated code rise together, so traditional audits and tests struggle to clear hazards at the same frequency and coverage. The industry has long used automated analysis and fuzz testing to support security reviews, but these tools remain bounded by their rule sets, modelling assumptions and compute budgets. Against the combinatorial state space that AI-driven generation and attack open up, blind spots of the "unmeasured" and "unforeseen" are easy to come by, and that is precisely the pressure Aráoz is pointing at when he describes coding agents turning into vulnerability hunting machines.
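To make the loop described above concrete, here is a constructed example (not OpenZeppelin's or Aráoz's code, and not modelled on any real protocol) of the smallest version of what an unattended agent does: generate call sequences biased toward boundary values, check auditor-style invariants after every call, and, once a violation is found, shrink the trace into a minimal proof of concept. The `Vault` class is a hypothetical two-method ledger; `checked=False` models pre-0.8 Solidity semantics where `balances[msg.sender] -= amount` silently wraps modulo 2**256, and `checked=True` is the hardened form that reverts instead.

```python
"""Constructed invariant fuzzer: boundary-biased call sequences, invariant
checks after each call, and greedy shrinking of the first failing trace.
Vault is a stand-in ledger, not any real protocol's code."""
import random

UINT256_MAX = 2**256 - 1
MOD = 2**256


class Vault:
    """Per-account balances plus a running total, like a minimal pool ledger."""

    def __init__(self, checked=True):
        self.checked = checked   # False models arithmetic without overflow checks
        self.balances = {}
        self.total = 0

    def deposit(self, who, amount):
        if not 0 <= amount <= UINT256_MAX or amount > UINT256_MAX - self.total:
            raise ValueError("revert: overflow")
        self.balances[who] = self.balances.get(who, 0) + amount
        self.total += amount

    def withdraw(self, who, amount):
        bal = self.balances.get(who, 0)
        if self.checked and amount > bal:
            raise ValueError("revert: insufficient balance")
        # Unchecked path: (bal - amount) wraps, as an unchecked uint256 subtraction would.
        self.balances[who] = (bal - amount) % MOD
        self.total = (self.total - amount) % MOD


def invariants_hold(v):
    """Properties an auditor would write down: conservation, and no balance above the pot."""
    return (sum(v.balances.values()) == v.total
            and all(b <= v.total for b in v.balances.values()))


def boundary_values(v, who):
    """Edge inputs around the caller's balance and the pool total, plus the uint256 limits."""
    bal = v.balances.get(who, 0)
    cands = {0, 1, bal, bal + 1, v.total, v.total + 1, UINT256_MAX}
    if bal:
        cands.add(bal - 1)
    return sorted(c for c in cands if c <= UINT256_MAX)


def replay(trace, checked):
    """Re-run a call sequence on a fresh vault; True if some invariant breaks."""
    v = Vault(checked=checked)
    for op, who, amt in trace:
        try:
            getattr(v, op)(who, amt)
        except ValueError:
            continue  # a revert is an honest outcome; keep replaying
        if not invariants_hold(v):
            return True
    return False


def fuzz(checked, steps=400, seed=0):
    """Random call sequences, 70% boundary values. Returns the first breaking trace or None."""
    rng = random.Random(seed)
    v = Vault(checked=checked)
    trace = []
    for _ in range(steps):
        who = rng.choice(["alice", "bob"])
        op = rng.choice(["deposit", "withdraw"])
        if rng.random() < 0.7:
            amt = rng.choice(boundary_values(v, who))
        else:
            amt = rng.randrange(0, 1_000)
        trace.append((op, who, amt))
        try:
            getattr(v, op)(who, amt)
        except ValueError:
            continue
        if not invariants_hold(v):
            return trace
    return None


def shrink(trace, checked):
    """Greedy one-at-a-time minimisation: drop any call whose removal keeps the violation."""
    i = 0
    while i < len(trace):
        candidate = trace[:i] + trace[i + 1:]
        if replay(candidate, checked):
            trace = candidate
        else:
            i += 1
    return trace


if __name__ == "__main__":
    poc = fuzz(checked=False)
    print("unchecked vault:", "no violation" if poc is None else shrink(poc, checked=False))
    print("checked vault:  ", fuzz(checked=True))
```

The unchecked vault breaks within a handful of calls (one over-balance withdrawal by one account while another holds funds is enough), and `shrink` reduces the random trace to a two- or three-call proof of concept; the checked vault survives the same search because every revert leaves the invariants intact. The point is not the toy bug but the shape of the loop: the search is cheap, it runs without attention, and the invariant set is the only thing standing between "ran a lot of inputs" and "proved something."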
Not even Aave and MakerDAO are trusted
On top of the coding-agent concern, Aráoz's practical advice landed like a hammer blow: he stated publicly that he had been privately advising friends and family to close out every DeFi position, including lending and collateral positions on Aave, MakerDAO and Compound, which are generally accepted as "blue chip." The issue is not any newly disclosed fatal vulnerability in these protocols; according to public reporting there is no evidence that any of them has recently suffered a systemic attack. What has actually taken the hit is the long-standing market expectation of "default safety" built on top of them.
For years Aave, MakerDAO and Compound have been treated as the closest on-chain substitutes for a "risk-free rate," playing the role that government bonds play off-chain: they absorb most mainstream asset lending and serve the stablecoin minting and treasury management needs built around dollar-pegged assets. Many DAOs have parked part of their treasuries in these protocols for years to earn yield, and many institutions treat them as the "safe floor" of their allocation. When even this layer of infrastructure is publicly advised to "exit" by a leading security professional, the signal shifts from a single-point incident to a questioning of DeFi's safety anchors as a whole.
Amid such loud doubts, ordinary users may start to cut leverage, shorten borrowing terms, or move part of what they held in blue-chip protocols back to custodians or self-custodied cold wallets; some DAOs may set new treasury exposure limits through governance proposals, spreading single-protocol dependence across several protocols and chains while tightening the permissions that could be used for high-risk strategies; and institutional funds already in such protocols may raise the risk weight their internal frameworks assign to "infrastructure yield," adding approval steps and limit controls. Even if none of this has happened at scale yet, merely raising the possibility that "even Aave and MakerDAO are unsafe" is enough to shake the fragile trust that has accumulated around blue-chip DeFi over the past few years.
Counterarguments consolidate: Is the problem really in the contract code?
After Aráoz's statement spread, several developers and security researchers responded one after another on social media, targeting not his sensitivity to risk but the conclusion itself that "all DeFi is unsafe." The common view among the critics is that attributing the many incidents of recent years entirely to "DeFi smart contracts being inherently unsafe" oversimplifies the technical details and ignores the essential differences between sources of risk.
A more mainstream line of analysis is emerging from these replies, one that breaks recent events into more specific components: many public cases trace back to oracle anomalies, cross-chain bridge vulnerabilities, stolen privileged keys, or mistakes by individual teams in parameter changes and operating procedures, rather than to core design errors in the logic of blue-chip protocols like Aave, MakerDAO and Compound. In other words, the problems often lie with the "people and components" around the contract rather than solely in the few hundred lines of Solidity. Some risk-control practitioners take another approach, arguing that DeFi security is a risk that can be quantified and priced through insurance products and risk premiums, and that the expected cost of exploitation can be driven down to a few basis points; but those figures and the corresponding coverage effects are still at the theoretical and partly experimental stage, well short of an industry-accepted pricing framework.
From "total withdrawal" to risk pricing
What drives this debate are two almost opposite views of security: Aráoz hedges unknown risk with "total withdrawal," treating DeFi security as an all-or-nothing proposition; his critics insist on staying in the system through finer-grained risk control, architecture and insurance tools, treating DeFi as a multidimensional risk portfolio that can be decomposed, measured and priced. What is worth watching next is not who wins the argument but whether participants actually move from the binary choice of "use DeFi or not" to layered pricing and permission management by risk source (smart contract vulnerabilities, operational error, oracles and cross-chain bridges, privileged keys), graded by type and severity: high-risk components kept under tight controls, low-risk cores given higher limits and more trust. As of May 27, 2026, this shift is still in a transitional phase with no clear consensus; to judge whether the debate leads to practical change, at least three sets of variables deserve continued tracking: first, whether security audits and tooling can iterate toward quantitative metrics for each risk dimension; second, whether AI on the defensive side can offset the information asymmetry Aráoz emphasises; third, whether the actual uptake and payout records of insurance and coverage products can support a workable risk premium, and so produce a widely accepted DeFi security pricing framework somewhere between "total withdrawal" and "continued exposure."
Disclaimer: This article represents the author's personal views only and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes any rights, please send the relevant proof of rights and identity to support@aicoin.com and the platform's staff will investigate.