Frontline audit expert warns: All DeFi is unsafe, evacuate quickly!

The biggest problem now is that the risk-reward ratio is already unbalanced.

Written by: Azuma (@azuma_eth), Planet Daily

"I believe all DeFi is unsafe."

This assertion left by Manuel Aráoz, founder of OpenZeppelin, on X yesterday hit the already stagnant DeFi market like a depth charge.

Manuel even stated that he has begun advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols such as Aave, MakerDAO, and Compound, which were once considered low-risk.

This is not an alarmist remark from an outsider. On the contrary, Manuel himself is one of the core builders of the DeFi security system, and OpenZeppelin is one of the most mainstream security audit companies in the industry, with its contracts library, security standards, and audit framework permeating the entire DeFi world.

The reason behind Manuel's complete change in attitude is AI. Manuel pessimistically believes that AI Coding Agents are exponentially enhancing their ability to identify and exploit vulnerabilities in smart contracts.

This means that problems which previously took a top-tier white hat team weeks to discover can now be scanned for by AI in a matter of minutes; problems that used to require hackers to study protocol logic for months can now be analyzed and attacked automatically by AI; and what used to be DeFi's advantage, its "openness and transparency", has now become the best training dataset for attackers.

Manuel also pointed out a more fatal issue: the security of smart contracts is fundamentally an extremely asymmetric game — the defender must fix all vulnerabilities, while the attacker only needs to find one to steal funds. As AI begins to exponentially enhance attack efficiency, this asymmetry is rapidly losing balance.

The cold reality: DeFi has become a hacker's ATM

Looking back at the DeFi security incidents of the past few months, you will find that Manuel's concerns are not exaggerated.

April was arguably the worst month in DeFi history.

On April 1, April Fool's Day, the Drift Protocol lost $280 million due to a management privilege hijacking and multi-signature execution vulnerability (see "April Fools' Joke? Drift Protocol lost over $280 million, potentially becoming Solana's second-largest DeFi heist").

Then, on April 19, Kelp DAO lost $292 million after its bridge protocol was compromised (see "DeFi once again lost $292 million, is Aave now unsafe?"). The hackers then cashed out through Aave and other lending protocols, plunging the whole of DeFi into the shadow of bad debts and their knock-on effects.

Entering May, incidents not only did not decrease but further spread.

On May 15, THORChain was attacked, with newly added node operators exploiting a vulnerability in the GG20 threshold signature scheme (TSS) to reconstruct the vault's private key and directly execute outbound transactions, resulting in losses exceeding $10 million.

On May 18, Verus's bridge protocol suffered an attack, with attackers forging cross-chain import payloads to bypass verification and extract assets from the Ethereum reserves, stealing about $11.58 million.

On May 19, the Echo Protocol on Monad was attacked due to a private key leak, with attackers minting 1,000 eBTC (worth $76.7 million) and extracting funds via a previously tested attack path through Curvance.

On May 24, the compliance stablecoin issuer StablR under the MiCA regulatory system encountered an attack, with hackers profiting over $2.8 million by minting EURR and USDR, leading to a decoupling of EURR and USDR.

On May 25, the SquidRouter module was attacked, causing approximately $3 million in assets to be stolen from 86 Gnosis Safe wallets.

On May 27, a StakeDAO deployer's private key was leaked on Arbitrum, allowing attackers to mint approximately 54.5 trillion vsdCRV and swap part of it for 43.7 ETH before making off with the proceeds.

The frequency of security incidents has sounded the alarm; from on-chain code to off-chain management, DeFi seems to be losing ground entirely.

AI has become a hacker's nuclear weapon

Why has the offensive and defensive struggle in DeFi suddenly accelerated towards collapse this summer? In addition to the traditional evolution of hacking techniques, the rapid advancement of AI large model capabilities is becoming the ultimate lever to break the balance.

In the past, finding a complex smart contract vulnerability (especially one involving cross-chain interactions, multi-layer nesting, or extremely well-hidden reentrancy logic) required top hackers to spend weeks or even months combing through code. With the maturity of AI agents equipped with long context windows, strong logical reasoning, and autonomous tool invocation, however, everything has changed qualitatively.

Seconds-level scanning and global "zero-day vulnerability" discovery: Attackers merely need to feed open-source code repositories to next-generation AI reasoning models, and the AI can simulate hundreds of extreme interaction scenarios in seconds, pinpointing the boundary conditions that fatigued human auditors miss.

Automated attack script generation: AI can not only discover vulnerabilities but also automatically write, test, and deploy "hacker smart contracts" for extracting funds.

Perfect orchestration of off-chain DevOps and social engineering: AI can pose as a flawless developer for phishing, or monitor a DeFi team's GitHub commits around the clock. The moment a team pushes sensitive information or an unverified code fix, AI can launch an attack within seconds — far faster than human security personnel can respond.

In this AI-enhanced security battle, hackers armed with AI have nearly infinite ammunition and seconds-level attack speed, while DeFi is constrained by slow governance votes, multi-signature confirmations, and lagging security audits, making it difficult to mount a matching defense.

Last month, Anthropic, the AI development company behind Claude, officially announced its next-generation model, Mythos (see "Anthropic has created the strongest AI model ever but is afraid to release it..."). It is the first model in history to break the ten-trillion-parameter threshold (by contrast, the mainstream models currently on the market range from hundreds of billions to trillions of parameters), with a training cost reaching an astonishing $10 billion.

However, because of Mythos's specialized capabilities in cybersecurity (Anthropic disclosed that within a few weeks Mythos identified thousands of zero-day vulnerabilities), Anthropic was reluctant to release the model directly, so as to avoid malicious exploitation by hackers, and instead plans to conduct preliminary testing through a "glass wing" program with leading companies to patch potential vulnerabilities in advance.

The current DeFi security situation is already so severe that it is hard to imagine the new threats the industry's defenses will face once Mythos is publicly released.

The biggest problem: the risk-reward ratio is already unbalanced

For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important issue now is to sit down and do the math.

For a long time, users have chosen to deposit funds into DeFi in pursuit of annualized returns several times higher than those of traditional finance. During bull markets or periods of liquidity mining frenzy, returns of 10%, 20%, or even higher were enough to offset people's perception of "potential technical risk."

But today, this underlying logic has been shaken, if not overturned, and DeFi's risk-reward ratio is already unbalanced. On the yield side, as the market shifts to competing over existing liquidity rather than attracting new inflows, and as safety buffers thicken, the real yields of most mainstream, relatively reliable DeFi protocols have fallen back to single digits. On the risk side, users' principal sits in a black box that AI could breach at any moment and that flash loans could empty in an instant; once a protocol is hacked, its token can go to zero and its liquidity pools can be drained within minutes, with no legal, insurance, or central bank backstop to make users whole.

Taking a risk of losing 100% of the principal to earn almost 5% annual returns is clearly not a worthwhile deal.

Manuel's words may seem absolute, but they tear off DeFi's last fig leaf. Faced with a reality in which hackers have made AI a routine weapon and security incidents keep erupting across the industry, if you are not mentally prepared to lose 100% of your principal in exchange for a modest return, then "withdrawing funds quickly and pocketing the profits" may be the most rational choice, and the one most consistent with risk control principles, under current market conditions.

Disclaimer: This article represents the author's personal views only and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If any article or image published on this page infringes on rights, please send the relevant proof of rights and proof of identity by e-mail to support@aicoin.com, and the platform's staff will investigate.
