Original | Odaily Planet Daily (@OdailyChina)
Author | Azuma (@azuma_eth)

"I believe all DeFi is no longer safe."
This assertion, posted yesterday on X by OpenZeppelin founder Manuel Aráoz, landed like a depth charge, once again shaking an already stagnant DeFi market.

Manuel even stated that he has started advising friends and family to withdraw funds from DeFi protocols across the board, including those considered low-risk blue-chip protocols such as Aave, MakerDAO, and Compound.
This is not the alarmist warning of an outsider. On the contrary, Manuel is one of the core builders of the DeFi security ecosystem, and OpenZeppelin is one of the most widely used security audit firms in the industry; its contract library, security standards, and audit framework permeate the entire DeFi world.
The reason for Manuel's complete change of attitude is AI. His pessimism stems from the view that the ability of AI coding agents to identify and exploit vulnerabilities in smart contracts is growing exponentially.
This means that problems that previously took top white-hat teams weeks to discover can now potentially be surfaced by AI in minutes; attack paths that hackers previously had to study protocol logic for a long time to work out can now be analyzed and automated directly by AI; and the "openness and transparency" that was once DeFi's advantage has become the best training corpus for attackers.
Manuel also raised a more deadly problem: the security of smart contracts is essentially an extremely asymmetrical game. Defenders must fix every vulnerability, while an attacker only needs to find one to steal funds. Now that AI has begun to exponentially enhance attack efficiency, this asymmetry is rapidly tipping further.
Cold Reality: DeFi Has Become a Hacker ATM
Looking back at the DeFi security incidents of the past few months, you will find that Manuel's concerns are not exaggerated.
April was nearly the worst month in DeFi history.
- On April 1st, April Fools' Day, Drift Protocol lost $280 million due to administrator permission hijacking and multi-signature execution vulnerabilities (see "April Fools' Joke? Drift Protocol Stolen for Over $280 Million, Potentially the Second Largest DeFi Heist in Solana's Ecosystem").
- Then on April 19th, Kelp DAO lost $292 million due to an attack on its bridging protocol (see "DeFi Stolen Again for $292 Million, Is Even Aave Not Safe Anymore?"), with the hacker later routing the proceeds through Aave and other lending protocols to exit, leaving the entire DeFi sector shrouded in bad debts and their knock-on effects.
After entering May, incidents not only did not decrease but instead spread further.
- On May 15, THORChain was attacked: newly added node operators exploited a vulnerability in the GG20 threshold signature scheme (TSS) to reconstruct the vault private key and execute outbound transactions directly, resulting in losses exceeding $10 million.
- On May 18, Verus's bridging protocol was attacked, where the attacker forged cross-chain payloads to bypass validation and extract assets from the Ethereum reserve, stealing around $11.58 million.
- On May 19, Echo Protocol on Monad was attacked following a private key leak, with the attacker minting 1,000 eBTC (worth $76.7 million) and extracting funds via Curvance through previously tested attack paths.
- On May 24, StablR, a compliant stablecoin issuer under the MiCA regulatory regime, was attacked, with the hacker profiting over $2.8 million by issuing EURR and USDR and causing both EURR and USDR to lose their peg.
- On May 25, the SquidRouter module was attacked, resulting in approximately $3 million worth of assets being stolen from 86 Gnosis Safe wallets.
- On May 27, the deployer private key of StakeDAO was leaked on Arbitrum, allowing the attacker to mint about 54.5 trillion vsdCRV and partially exchange it for 43.7 ETH to escape.
The frequency of these incidents has sounded the alarm; from on-chain code to off-chain key and permission management, DeFi appears to be losing ground across the board.
AI Has Become the Hacker's Nuclear Weapon
Why has the balance between attack and defense in DeFi accelerated toward collapse this summer? Beyond the ordinary evolution of hacker techniques, the rapid advance of large AI model capabilities is becoming the decisive game-changer.
In the past, finding a complex smart contract vulnerability (especially one involving cross-chain logic, multi-layer nesting, or an extremely obscure reentrancy path) required top hackers weeks or even months of code analysis. With the maturation of AI agents equipped with long context windows, strong logical reasoning, and autonomous tool invocation, this has changed qualitatively.
- Second-scale scanning and network-wide "zero-day" mining: Attackers only need to feed open-source code repositories to the new generation of AI reasoning models, and the AI can enumerate hundreds of extreme interaction scenarios in seconds, accurately identifying boundary conditions that fatigued human auditors overlooked.
- Automated attack script generation: AI can not only discover vulnerabilities but also automatically write, test, and deploy "hacker smart contracts" designed to extract funds.
- Orchestration of off-chain DevOps and social engineering: AI can pose as a convincing developer for phishing, or monitor a DeFi team's GitHub commits around the clock. Once the team pushes sensitive information or an unverified fix, AI can launch an attack within seconds, far faster than human security personnel can respond.
In this AI-amplified contest between offense and defense, hackers armed with AI have almost unlimited ammunition and attack speeds measured in seconds, while DeFi is constrained by the slow pace of governance votes, multi-sig confirmations, and lagging security audits, making a matching defensive response difficult.
Last month, Anthropic, the AI developer behind Claude, officially announced its next-generation model Mythos (see "Anthropic Has Created the Strongest AI Model in History but Dares Not Release It..."). It is the first model to exceed ten trillion total parameters (by contrast, the current mainstream models on the market range from hundreds of billions to one trillion parameters), with a staggering training cost of $10 billion.
However, because of Mythos's specialized capabilities in cybersecurity (Anthropic has disclosed that it used Mythos to identify thousands of zero-day vulnerabilities in just a few weeks), Anthropic is hesitant to release the model directly, to prevent it from being exploited by hacker groups. Instead it plans to let top-tier companies test it through a "glass wing" program so that potential vulnerabilities can be identified and fixed in advance.
The DeFi security situation is already severe; it is hard to imagine what new threats the industry will face once Mythos is publicly released.
The Biggest Problem: Risk-Reward Ratio Has Long Been Imbalanced
For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important issue now is to sit down and do the math.
For a long time, users deposited funds into DeFi in pursuit of annualized returns several times higher than traditional finance. During bull markets or liquidity mining frenzies, yields of 10%, 20%, or even higher were enough to offset people's psychological expectations of "potential technical risk."
Today that underlying logic has been shaken or even overturned, and DeFi's risk-reward ratio has become imbalanced. On the yield side, as the market has turned into a zero-sum contest over existing liquidity, the safety cushion has thickened and the actual yields of most mainstream, relatively reliable DeFi protocols have retreated to single digits. On the risk side, users' principal sits in a black box that AI could breach at any moment and a flash loan could empty in an instant; once a protocol is attacked, its token can become worthless and its liquidity pool can be drained within minutes, with no law, insurance, or central bank to cover the loss.
Taking on a 100% risk of losing your principal for roughly 5% annualized returns is clearly not a good deal.
Manuel's words may sound absolute, but they tear away DeFi's last fig leaf. With hackers wielding AI as a standard weapon and security incidents erupting constantly across the industry, if you are not psychologically prepared to lose 100% of your principal for a given return, then "withdrawing funds as soon as possible and locking in your gains" may be the most rational and risk-averse choice in the current market cycle.