According to The Block, OpenZeppelin co-founder Manuel Aráoz urged friends and family to leave even major DeFi protocols as hack losses and exploit counts climbed sharply in April and May.
OpenZeppelin co-founder Manuel Aráoz said in a post on X that he now considers “all of DeFi” unsafe and has advised friends and family to exit all decentralized finance positions, including lower-risk exposure to so-called blue chip protocols such as Aave, MakerDAO, and Compound. Aráoz said smart contract security remains structurally imbalanced because defenders must fix every bug while attackers need only one successful exploit, adding that coding agents are “superhuman” at finding vulnerabilities.

His comments came amid elevated security concerns after nearly $630 million was stolen from DeFi protocols in April, according to The Block’s data dashboard, making it the worst month for DeFi hacks since February 2025, when Bybit lost roughly $1.5 billion. April included a $285 million exploit of Drift tied to a six-month social engineering scheme and a $293 million exploit of Kelp DAO involving a cross-chain bridge vulnerability; both attacks have been widely attributed to North Korea’s state-backed hackers.

DefiLlama data showed 27 reported DeFi exploit cases in April, while DeFi total value locked fell about 14% from roughly $172 billion in mid-April to $148 billion. May had also recorded 25 DeFi exploits so far, including an $11.6 million Ethereum bridge exploit affecting Verus Network and a $573,200 security breach acknowledged by Polymarket that may have involved a private key compromise.