Top Audit Guru Alerts: All DeFi is Unsafe, Withdraw Now!

Odaily星球日报Publicado a 2026-05-28Actualizado a 2026-05-28

Resumen

Leading DeFi security auditor and OpenZeppelin founder Manuel Aráoz has issued a stark warning, declaring all DeFi protocols unsafe and advising the withdrawal of funds, even from established platforms like Aave and MakerDAO. This warning stems from the rapidly growing threat posed by AI-powered hacking tools. Aráoz highlights that AI agents can now identify and exploit smart contract vulnerabilities in minutes, a task that previously took expert teams weeks. This creates a critical asymmetry: defenders must patch every flaw, while attackers need only find one. Recent months have seen a surge in high-profile exploits, with billions lost in April and May alone across protocols like Drift Protocol, Kelp DAO, and THORChain. The acceleration is attributed to AI's ability to perform rapid code scanning, generate automated attack scripts, and even orchestrate social engineering and infrastructure attacks faster than human defenders can respond. The article cites Anthropic's powerful new AI model, Mythos, which demonstrated such proficiency in finding zero-day vulnerabilities that its public release was delayed over security concerns. This evolution fundamentally disrupts DeFi's risk-reward calculus. With yields on reliable protocols falling to single digits, users now face the potential of 100% capital loss for minimal returns. Aráoz's conclusion is that for most users, withdrawing funds to secure wallets is the most rational risk-management choice in the current landscape.

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

"I believe all DeFi is no longer secure."

This assertion left by Manuel Aráoz, founder of OpenZeppelin, on X yesterday is like a depth charge, once again shaking the already stagnant DeFi market.

Manuel even stated that he has started advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols like Aave, MakerDAO, and Compound, which were once considered low-risk.

This is not alarmist talk from an outsider. On the contrary, Manuel himself is one of the core builders of the DeFi security ecosystem, and OpenZeppelin is one of the industry's most mainstream security auditing firms. Its contract libraries, security standards, and auditing frameworks have permeated almost the entire DeFi world.

The reason for Manuel's complete change in attitude lies in AI. Manuel pessimistically believes that the capability of AI Coding Agents to identify and exploit smart contract vulnerabilities is increasing exponentially.

This means that issues which previously took top white-hat teams weeks to discover might now be scanned by AI in minutes; where hackers needed to study protocol logic extensively, AI can now automatically analyze attack paths; where DeFi's "openness and transparency" was once an advantage, it has now become the best training corpus for attackers.

Manuel also mentioned a more fatal problem: smart contract security is essentially an extremely asymmetric game — defenders must patch all vulnerabilities, while attackers only need to find one to steal funds. As AI begins to exponentially enhance attack efficiency, this asymmetry is rapidly tilting out of balance.

The Icy Reality: DeFi Has Become a Hacker's ATM

Looking back at DeFi security incidents over the past few months, you'll find Manuel's concerns are not exaggerated.

April was arguably one of the worst months in DeFi history.

On April 1st, April Fool's Day, Drift Protocol suffered a theft of $280 million due to a manager privilege hijacking and multisig execution vulnerability (see April Fool's Joke? Drift Protocol Hacked for Over $280 Million, Possibly Becoming Solana Ecosystem's Second Largest DeFi Heist).
Subsequently on April 19th, Kelp DAO lost $292 million due to a breached bridge protocol (see Another $292 Million Stolen from DeFi, Is Even Aave Unsafe Now?). The hacker later escaped via lending protocols like Aave, casting a shadow of bad debts and their ripple effects over the entire DeFi space.

And since entering May, incidents have not decreased but rather further proliferated.

On May 15th, THORChain was attacked. A newly added node operator exploited a vulnerability in the GG20 threshold signature scheme (TSS) to reconstruct the vault's private key and directly execute outbound transactions, causing a loss exceeding $10 million.
On May 18th, Verus's bridge protocol was attacked. The attacker forged cross-chain import payloads to bypass verification and extract assets from the Ethereum reserves, stealing approximately $11.58 million.
On May 19th, Echo Protocol on Monad was attacked due to a private key leak. The attacker minted 1,000 eBTC (worth $76.7 million) and extracted funds via a previously tested attack path through Curvance.
On May 24th, StablR, a compliant stablecoin issuer under the MiCA regulatory framework, was attacked. The hacker profited over $2.8 million by minting EURR and USDR, causing EURR and USDR to depeg.
On May 25th, the SquidRouter module was attacked, resulting in the theft of approximately $3 million in assets from 86 Gnosis Safe wallets.
On May 27th, the StakeDAO deployer's private key was leaked on Arbitrum. The attacker minted about 5.45 trillion vsdCRV and partially exchanged them for 43.7 ETH to escape.

Frequently occurring security incidents have sounded the alarm. From on-chain code to off-chain management, DeFi seems to be losing ground across the board.

AI Has Become the Hacker's Nuclear Weapon

Why has the DeFi offensive-defensive balance suddenly collapsed this summer? Beyond the evolution of traditional hacking techniques, the rapid advancement of AI large language model capabilities is becoming the ultimate factor tipping the scales.

In the past, finding a complex smart contract vulnerability (especially one involving cross-chain interactions, multi-layer nesting, or extremely hidden reentrancy logic) required top-tier hackers weeks or even months of code analysis. However, with the maturation of AI agents possessing ultra-long context, strong logical reasoning, and autonomous tool-calling abilities, this has undergone a qualitative change.

Second-level Scanning and Global "Zero-day Vulnerability" Mining: Attackers only need to feed open-source code repositories to new-generation AI reasoning models, and AI can, within seconds, deduce hundreds of extreme interaction scenarios like a seasoned security expert, precisely identifying boundary conditions that human auditors might miss due to fatigue.
Automated Attack Script Generation: AI can not only discover vulnerabilities but also automatically write, test, and deploy "hacker smart contracts" designed to extract funds.
Perfect Orchestration of Off-chain DevOps and Social Engineering: AI can impersonate a perfect developer for phishing or monitor a DeFi team's GitHub commits 24/7. Once the team uploads code containing sensitive information or unverified fixes, AI can launch an attack within seconds—far faster than any human security personnel can respond.

In this AI-augmented security war, hackers, armed with AI, possess nearly unlimited ammunition and attack speeds measured in seconds. In contrast, DeFi, constrained by slow-paced governance voting, multisig confirmations, and delayed security audits, struggles to mount a corresponding defense.

Last month, Anthropic, the AI development company behind Claude, officially announced its new-generation model, Mythos (see Anthropic Develops the Most Powerful AI Model in History, But Dares Not Release It...). This is the first model in human history to exceed ten trillion parameters (in contrast, current mainstream models range from hundreds of billions to one trillion parameters), with a staggering training cost of $10 billion.

However, due to Mythos's specialized capabilities in cybersecurity (Anthropic disclosed that they identified thousands of zero-day vulnerabilities using Mythos in just a few weeks), the company even dares not release the model publicly directly, fearing malicious use by hacker groups. Instead, they plan to allow leading tech giants to test it first through a "Project Glasswing" to patch potential vulnerabilities in advance.

If the current DeFi security landscape is already this severe, it's hard to imagine what new threats industry security defenses will face once Mythos is publicly released.

The Biggest Problem: The Risk-Reward Ratio Has Long Been Out of Balance

For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important issue now is to sit down and do the math.

For a long time, the reason users chose to deposit funds into DeFi was the pursuit of annualized yields several times higher than those in traditional finance. During bull markets or frenzied periods of liquidity mining, yields of 10%, 20%, or even higher were enough to cover people's psychological expectations for "potential technical risks."

But today, this underlying logic has long been shaken, even overturned. The risk-reward ratio of DeFi is already out of balance. On the reward side, as the market enters a phase of stock game competition and security cushions thicken, the real yields of most mainstream, relatively reliable DeFi protocols have fallen back to single-digit percentages. On the risk side, users' principal is exposed to a black box that could be breached by AI at any moment, emptied by flash loans in an instant. Once a protocol is hacked, token prices plummeting to zero and liquidity pools being drained often happen within minutes, with no legal recourse, insurance, or central bank to cover the losses.

The gamble of risking 100% principal loss for an annualized return of around 5% is clearly not a worthwhile bet.

Manuel's words may be somewhat absolute, but they tear off DeFi's final fig leaf. In the face of the reality where hackers have made AI a conventional weapon and security incidents keep erupting in the industry, if you are not mentally prepared to risk losing 100% of your principal for a certain return, then "withdrawing funds as soon as possible and securing profits" might be the most rational, most risk-control-compliant choice in the current market cycle.

Preguntas relacionadas

QAccording to the article, who is Manuel Aráoz and why is his warning about DeFi security considered significant?

AManuel Aráoz is the founder of OpenZeppelin, a leading security audit firm in the crypto industry. His warning is significant because he is a core builder of the DeFi security system, and his company's contract libraries, security standards, and audit frameworks are widely used across the DeFi ecosystem. His shift in stance carries substantial weight due to his deep expertise and role in the industry.

QWhat is the primary reason cited by Manuel Aráoz for his belief that all DeFi is now insecure?

AThe primary reason is the exponential improvement in AI (specifically AI Coding Agents) in identifying and exploiting smart contract vulnerabilities. AI can now find issues in minutes that once took top security teams weeks, automate the analysis of attack paths, and leverage the public nature of DeFi code as training data. This massively amplifies the inherent asymmetry in security where attackers need only find one flaw while defenders must patch all of them.

QWhat is the 'Mythos' model mentioned in the article, and why is it considered a potential threat?

AMythos is a new AI model developed by Anthropic, the company behind Claude. It is the first model to surpass 10 trillion parameters, with a training cost of $10 billion. It is considered a potential threat because Anthropic disclosed that in just a few weeks, Mythos identified thousands of zero-day vulnerabilities. Due to its specialized capabilities in cybersecurity, Anthropic is hesitant to release it publicly for fear it could be maliciously used by hackers to exploit vulnerabilities at an unprecedented scale.

QThe article argues that the risk-reward ratio for DeFi participation has become unbalanced. What is the core of this argument?

AThe core argument is that the potential rewards (returns) from mainstream DeFi protocols have fallen to single-digit percentages in the current market, while the risks have skyrocketed. Users now risk losing 100% of their principal in minutes due to AI-enhanced hacks, with no legal recourse, insurance, or central bank backstop. The article frames this as an irrational trade-off: risking total loss for a relatively low annual yield.

QBesides smart contract code, what other aspects of DeFi infrastructure have been targeted in recent hacks according to the article's examples?

ARecent hacks have targeted vulnerabilities beyond just smart contract code. Examples include bridge protocols (Kelp DAO, Verus), management/private key compromises (Drift Protocol, StakeDAO, Echo Protocol), threshold signature schemes (THORChain), and wallet management modules (SquidRouter). This indicates that security weaknesses exist across the entire DeFi stack, from on-chain code to off-chain operational and key management practices.

Lecturas Relacionadas

End of the 'Gray Era' for Hong Kong and US Stock Trading Accounts: Where Can Your Money Go Now?

Hong Kong and US stock “grey account opening era” ends, where can your money go? In a coordinated regulatory crackdown starting May 22nd, Hong Kong's SFC and China's securities regulator have targeted the previously common but legally ambiguous practice of mainland Chinese investors opening accounts with Hong Kong brokers to trade Hong Kong and US stocks. The SFC issued a stern circular after a review of 12 brokerages, citing major deficiencies including inadequate due diligence, acceptance of suspicious or forged documents, and weak management of cross-border relationships. New requirements mandate mainland clients to submit a written declaration confirming their investment funds originate from *outside* mainland China, the account has never been closed for using suspicious documents, and agreeing to information disclosure. Brokers must immediately close accounts opened with suspicious documents and dormant accounts. Simultaneously, Chinese authorities launched a two-year campaign to rectify illegal cross-border securities activities. Key internet brokers like Futu, Tiger Brokers, and Longbridge are facing penalties, with existing accounts allowed only to sell/withdraw funds, not add new ones. The impact is immediate. Reports from social media and financial news outlets confirm that individuals traveling to Hong Kong to open accounts are now required to sign the new declaration. However, even after signing, applications are frequently rejected. The declaration shifts compliance responsibility to the client and acts as a filter, as most mainland investors' funds do not legally meet the "from outside China" criterion. Major brokers like Futu and Tiger have stopped accepting new mainland clients. A few, such as uSmart Securities, Fosun Wealth, and Cheerful Investment, still offer limited channels, but approvals have tightened significantly. Crucially, funding must now come exclusively from the investor's own bank account in Hong Kong or a qualified jurisdiction, blocking previous workarounds like using money changers or stablecoins. For mainland investors, compliant pathways still exist but are narrower. Individuals with overseas status (students, work visa holders) and verifiable offshore funds may still qualify. Official channels like Stock Connect, QDII, and the Cross-boundary Wealth Management Connect remain fully compliant options, albeit with product and quota limitations. On-chain alternatives exist but carry their own regulatory uncertainties and often exclude mainland users. The crackdown signals the end of the lax expansion period for Hong Kong brokers targeting mainland clients. While investment opportunities persist, the era of easy, low-compliance access is over. Investors must now carefully assess their eligibility and understand that signing the new declaration carries personal legal liability.

Odaily星球日报Hace 1 min(s)

End of the 'Gray Era' for Hong Kong and US Stock Trading Accounts: Where Can Your Money Go Now?

Odaily星球日报Hace 1 min(s)

SpaceX's $1.75 Trillion IPO: A Quick Guide to 17 Related Stocks

**Title: SpaceX's $1.75 Trillion IPO: Analysis of 17 Related Stocks** SpaceX is set to IPO on Nasdaq with a $1.75 trillion valuation. The real value driver is Starlink, contributing 61% of Q1 revenue with high margins. Its valuation heavily depends on future execution, including user growth despite falling ARPU. Key stocks have already surged pre-IPO. Tesla (TSLA, +10%) is a primary beneficiary due to deep integration with SpaceX in chip design and AI. Rocket Lab (RKLB, +89%) is seen as a "mini-SpaceX," but faces risk from potential Neutron rocket delays. AST SpaceMobile (ASTS) competes in the same satellite-to-phone market as Starlink. Firefly (FLY, +70%) is a strong government contractor in lunar services. Partners like EchoStar (SATS), Planet Labs (PL), and T-Mobile (TMUS) will see revaluation. Suppliers like Qualcomm (QCOM, +57%) are critical ecosystem "picks and shovels." Investment vehicles like DXYZ (+80%) hold significant SpaceX stakes but trade at high premiums, which may collapse post-IPO. Redwire (RDW) is highlighted as an under-the-radar "pick and shovel" play in space components, with growth in defense contracts and microgravity pharmaceuticals. The article warns that much of the positive news is already priced in, and a post-IPO sell-off is possible. Large IPOs often underperform initially. Key risks include Starship delays, ARPU decline, and unforeseen black swan events affecting Elon Musk or space operations. Investors are advised to focus on companies with solid fundamentals and manage overall sector exposure carefully.

marsbitHace 3 min(s)

SpaceX's $1.75 Trillion IPO: A Quick Guide to 17 Related Stocks

marsbitHace 3 min(s)

Conversation with VanEck CEO: Memory Chip Stocks Are a Bubble, Bitcoin Will Stay but Token Ecosystems Will Disappear

In this podcast, VanEck CEO Jan van Eck discusses his investment outlook centered on three key long-term ("10-year macro") themes: AI-driven compute demand, India's economic rise, and excessive government debt in developed nations. Regarding AI and semiconductors, van Eck believes Nvidia has transformed into a foundational "host" for AI infrastructure, possessing deep moats in software, scale, and power efficiency, making it a core holding. However, he views the recent surge in memory chip stocks as a bubble driven by temporary supply-demand imbalances and pricing power, lacking Nvidia's competitive durability. On asset management, he emphasizes that while ETFs are scale-driven tools, the decisions on which ETFs to own and how to allocate remain highly active. He expresses greatest concern over fixed-income market illiquidity and the risk of a loss of confidence in government debt sustainability. Van Eck is bullish on gold's long-term role as a global monetary alternative and highlights the dramatic policy-driven growth in nuclear energy investment. He is strongly positive on India due to its demographic trends and pro-business reforms. Discussing crypto, he labels 2026 the "year of the corporate-controlled chain," where traditional finance adopts blockchain's best features (like 24/7 operation and programmability) but retains control. He predicts a permanent "crypto winter" for many projects, with only Bitcoin, stablecoins, and the core blockchain concept surviving long-term. He sees the U.S. stablecoin bill as marginally impactful, enabling tech firms to compete with, but not replace, banks. Finally, he views the upcoming SpaceX IPO as a significant, positive liquidity event for markets and advises investors to maintain a long-term, macro perspective when making asset allocation decisions.

marsbitHace 14 min(s)

Conversation with VanEck CEO: Memory Chip Stocks Are a Bubble, Bitcoin Will Stay but Token Ecosystems Will Disappear

marsbitHace 14 min(s)

In the Era of Agent Users, Where Does Crypto Value Flow?

Title: Who Makes Money from Agents? The rise of AI Agents as potential blockchain users raises a crucial question: if they become the next billion users, who will capture the value? Traditional crypto value capture theories—like "fat protocols" (where value accrues to the base layer) and "fat applications" (where value accrues to user-facing apps)—assume human users who value UX, brand, and convenience. Agents, however, operate differently: they interact via APIs, have no brand loyalty, and can switch services with near-zero cost. This shift could disrupt existing value flows. Applications might become "headless," offering their routing and infrastructure as APIs to Agents. Alternatively, Agents might bypass intermediaries entirely, allowing protocols to regain value capture ("fat protocols" reborn). A more extreme scenario is that Agents, being purely rational and cost-sensitive, could commoditize the entire stack, compressing margins toward marginal cost and turning crypto into a low-margin utility. However, Agents may not just amplify existing activities; they could enable entirely new ones—like continuous, sub-penny portfolio rebalancing, machine-to-machine commerce, and new market types only viable at automated speeds. This expands the economic pie rather than just redistributing it. Ultimately, the key question for builders is: what will make an Agent return to your service instead of a cheaper alternative? The answer may not be UX but factors like liquidity, latency, settlement guarantees, or a yet-unnamed business model. As humans and Agents will coexist as users, value capture may split: "fat apps" for human-facing services, and a new, evolving model for the Agent-dominated layer.

marsbitHace 44 min(s)

In the Era of Agent Users, Where Does Crypto Value Flow?

marsbitHace 44 min(s)

Base MCP, The Next Step for x402

Base has officially launched Base MCP, allowing users to connect their Base Account to AI Agents to perform actions like swaps, transfers, portfolio tracking, and transaction history queries through conversational commands. This move aligns with Base's strategic focus on AI, driven by the broader competition in the emerging Agent-to-Agent payment sector. The evolution of Agent payments has accelerated. In late 2024, the primary method involved insecure browser automation. By 2025, solutions like Coinbase's x402 (providing crypto wallets for Agents), Google's AP2, and Visa's token-based system emerged. x402 has since processed 176 million transactions totaling over $70 million, with a median value between $0.01 and $0.10. Stablecoins, particularly USDC, dominate these settlements due to their negligible transaction costs compared to traditional payment fees, which are prohibitive for micro-payments. Coinbase faces competition from Stripe, which has built a comparable infrastructure for Agent payments with its Tempo blockchain, Privy wallets, Bridge routing (acquired for $1.1B), and the recently launched MPP protocol. Both companies are now competing at the application layer. The core reason AI is central to Base's strategy is to expand the scenarios for Agent payments, ensuring more transactions occur on its network. By securing a dominant position and scale advantage in this nascent field, Coinbase aims to capture the future commercial potential of Agent-driven payments. The launch of Base MCP is thus a strategic step in this larger ambition.

marsbitHace 50 min(s)

marsbitHace 50 min(s)

Trading

Spot

Futuros