Top Audit Expert Warns: All DeFi is Unsafe, Withdraw Now!

marsbitPubblicato 2026-05-28Pubblicato ultima volta 2026-05-28

Introduzione

A leading DeFi security expert has issued a stark warning: all DeFi is now unsafe. Manuel Aráoz, founder of major security audit firm OpenZeppelin, stated on X that he is advising friends and family to withdraw funds from major protocols like Aave, MakerDAO, and Compound. The core reason for this drastic shift is the rise of AI. Aráoz argues that AI-powered coding agents can now identify and exploit smart contract vulnerabilities at an exponentially faster rate. This turns DeFi's transparency into a liability, providing a vast training dataset for attackers. The fundamental asymmetry of security—where defenders must patch every flaw, but attackers need only find one—is being catastrophically unbalanced by AI. Recent months provide chilling evidence. April saw massive exploits, including a $280 million loss at Drift Protocol and a $292 million theft from Kelp DAO. The trend continued into May with multiple high-value attacks on protocols like THORChain, Verus, Echo Protocol, and StakeDAO, demonstrating vulnerabilities across both on-chain code and off-chain management. AI acts as a force multiplier for hackers, enabling near-instantaneous vulnerability scanning, automated exploit script generation, and sophisticated social engineering. The recent development of ultra-powerful AI models like Anthropic's Mythos—so advanced its public release was delayed over security fears—signals even greater threats ahead. The article concludes that the risk-reward calculus for DeFi partic...

Original | Odaily Planet Daily(@OdailyChina)

Author | Azuma(@azuma_eth)

“I believe all DeFi is now unsafe.”

This assertion left by OpenZeppelin founder Manuel Aráoz on X yesterday, like a depth charge, once again rocked the already stagnant DeFi market.

Manuel even stated that he has started advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols like Aave, MakerDAO, and Compound, which were once considered low-risk.

This is not alarmism from an outsider. On the contrary, Manuel himself is one of the core builders of the DeFi security system, and OpenZeppelin is one of the industry's most mainstream security auditing firms. Its contract libraries, security standards, and audit frameworks have permeated nearly the entire DeFi world.

The reason for Manuel's complete shift in attitude lies in AI. Manuel pessimistically believes that the ability of AI Coding Agents to identify and exploit smart contract vulnerabilities is increasing exponentially.

This means that issues which previously required top-tier white-hat teams weeks to discover might now be scanned by AI in minutes; where hackers once needed long-term study of protocol logic, attack paths can now be analyzed automatically by AI; the "open and transparent" nature of DeFi, once an advantage, has now become the best training corpus for attackers.

Manuel also raised a more fatal problem: Smart contract security is essentially an extremely asymmetric game — the defense must patch all vulnerabilities, while the attacker only needs to find one to steal funds. As AI begins to exponentially enhance attack efficiency, this asymmetry is rapidly becoming unbalanced.

The Cold Reality: DeFi Has Become a Cash Cow for Hackers

Looking back at DeFi security incidents over the past few months, you'll find that Manuel's concerns are not exaggerated.

April was almost the worst month in DeFi's history.

On April 1st, April Fool's Day, Drift Protocol lost $280 million due to manager privilege hijacking and multi-signature execution vulnerabilities (details in "An April Fool's Joke? Drift Protocol Hacked for Over $280M, Potentially Becoming Solana Ecosystem's Second-Largest DeFi Heist").
Subsequently, on April 19th, Kelp DAO lost $292 million due to a bridge protocol breach (details in "DeFi Hacked Again for $292M, Is Even Aave Unsafe Now?"). The hacker later escaped via lending protocols like Aave, casting the shadow of bad debt and its cascading effects over the entire DeFi sector.

Entering May, incidents not only didn't decrease but further proliferated.

On May 15th, THORChain was attacked. A newly joined node operator exploited a vulnerability in the GG20 Threshold Signature Scheme (TSS), reconstructed the vault private key, and directly executed outbound transactions, causing over $10 million in losses.
On May 18th, Verus's bridge protocol was attacked. The attacker forged cross-chain import payloads, bypassed verification to extract assets from the Ethereum reserve, stealing approximately $11.58 million.
On May 19th, Echo Protocol on Monad was attacked due to a private key leak. The attacker minted 1,000 eBTC (worth $76.7 million) and extracted funds via Curvance using a previously tested attack path.
On May 24th, StablR, a compliant stablecoin issuer under the MiCA regulatory framework, was attacked. The hacker profited over $2.8 million by minting EURR and USDR, causing EURR and USDR to depeg.
On May 25th, the SquidRouter module was attacked, resulting in approximately $3 million in assets stolen from 86 Gnosis Safe wallets.
On May 27th, the StakeDAO deployer private key was leaked on Arbitrum. The attacker minted about 5.45 trillion vsdCRV and exchanged part of it for 43.7 ETH to escape.

The frequently occurring security incidents have sounded the alarm. DeFi seems to be collapsing across the board, from on-chain code to off-chain management.

AI Has Become the Hackers' Nuclear Weapon

Why has the DeFi offense-defense dynamic suddenly accelerated towards collapse this summer? Beyond the evolution of traditional hacking techniques, the rapid advancement of AI large language models is becoming the ultimate factor tipping the balance.

In the past, finding a complex smart contract vulnerability (especially those involving cross-chain, multi-layer nesting, or extremely hidden reentrancy logic) required top hackers weeks or even months of code review. However, with the maturity of AI agents possessing ultra-long context, strong logical reasoning, and autonomous tool-calling capabilities, this has changed fundamentally.

Second-Level Scanning and Global "Zero-Day" Vulnerability Mining: Attackers only need to feed the open-source codebase to the new generation of AI reasoning models. The AI can, within seconds, deduce hundreds of extreme interaction scenarios like a seasoned security expert, accurately pinpointing edge cases missed by human auditors during fatigue.
Automated Attack Script Generation: AI can not only discover vulnerabilities but also automatically write, test, and deploy the "hacker smart contracts" used to extract funds.
Perfect Orchestration of Off-Chain DevOps and Social Engineering: AI can impersonate perfect developers for phishing or monitor DeFi teams' GitHub commit logs around the clock. Once a team uploads code containing sensitive information or unverified fixes, the AI will launch an attack within seconds—far faster than any human security team's response time.

In this security warfare augmented by AI, hackers, armed with AI, possess nearly infinite ammunition and second-level attack speed. DeFi, however, is constrained by slow-paced governance voting, multi-signature confirmations, and lagging security audits, making it difficult to mount a corresponding defensive response.

Last month, Anthropic, the AI development company behind Claude, officially announced its next-generation model, Mythos (details in "Anthropic Creates the Most Powerful AI Model Ever, But Dares Not Release It..."). This is the first model in human history to break the hundred-trillion parameter threshold (in contrast, mainstream models currently range from hundreds of billions to one trillion parameters), with a staggering training cost of $10 billion.

However, due to Mythos's specialized capabilities in cybersecurity (Anthropic disclosed that using Mythos, they identified thousands of zero-day vulnerabilities in just a few weeks), Anthropic even dares not publicly release the model directly, for fear of malicious use by hacking groups. Instead, they plan to first allow leading large companies to test and preemptively patch potential vulnerabilities through a "Glasswing" initiative.

With the DeFi security situation already so severe at this stage, it's hard to imagine what new threats the industry's security defenses will face once Mythos is publicly released.

The Biggest Problem: Risk-Reward Ratio Has Long Been Unbalanced

For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important question now is to sit down and calculate.

For a long time, the reason users chose to deposit funds into DeFi was to pursue annualized yields several times higher than those in traditional finance. During bull markets or the frenzy of liquidity mining, yields of 10%, 20%, or even higher were enough to cover people's psychological expectations for "potential technical risks."

But today, this underlying logic has long been shaken and even overturned. The risk-reward ratio of DeFi is already unbalanced. On the reward side, as the market enters a game of limited players and safety margins thicken, the real yields of most mainstream, relatively reliable DeFi protocols have fallen back to single-digit ranges. On the risk side, users' principal is exposed to a black box that could be breached by AI at any moment and emptied by a flash loan in an instant. Once a protocol is hacked, token prices plummeting to zero and liquidity pools being drained often happen within minutes, with no legal recourse, insurance, or central bank to provide coverage.

The risk of losing 100% of principal to chase roughly 5% annualized yield is clearly not a good deal.

Manuel's words may be somewhat absolute, but they tear off DeFi's last fig leaf. In the face of the reality where hackers have made AI a conventional weapon and security incidents continue to erupt in the industry, if you are not prepared for the psychological expectation of losing 100% of your principal for a certain yield, then "withdrawing funds as soon as possible and realizing profits" might be the most rational and risk-control-principled choice in the current market cycle.

Domande pertinenti

QAccording to the article, what is the main reason Manuel Aráoz gives for his statement that all DeFi is unsafe?

AThe main reason is the exponential enhancement of AI Coding Agents in identifying and exploiting vulnerabilities in smart contracts, making it easier and faster for attackers to find and exploit flaws.

QWhat does the article highlight as the fundamental asymmetry in smart contract security?

AThe fundamental asymmetry is that defenders must fix all vulnerabilities to be secure, while attackers only need to find a single vulnerability to steal funds.

QWhy is the AI model 'Mythos' from Anthropic mentioned as a particular concern in the context of DeFi security?

AMythos is a concern because it has demonstrated a powerful specialization in cybersecurity, being able to identify thousands of zero-day vulnerabilities in a short time, which could be weaponized by hackers if publicly released.

QWhat is the article's conclusion about the risk-reward ratio for users participating in DeFi protocols currently?

AThe article concludes that the risk-reward ratio is imbalanced. The potential risk of losing 100% of principal now outweighs the relatively low single-digit percentage annual yields offered by many protocols.

QWhich two major DeFi protocols were specifically mentioned as examples from which Manuel Aráoz is advising friends and family to withdraw funds?

AAave and Compound were specifically mentioned as examples of previously considered low-risk blue-chip protocols from which he advises withdrawal.

Letture associate

Seeking Alpha's Hot Article: Why Might the U.S. Stock Market Crash in June?

In a recent Seeking Alpha article, financial professor and analyst Damir Tokic argues that the US stock market may be poised for a significant crash in June 2026. The core thesis centers on a "mega-bubble" in equities, particularly within the technology sector, which has driven the S&P 500 to near-record valuations, with a Shiller P/E ratio exceeding 40—a level comparable to the 2000 dot-com bubble. Tokic identifies two primary catalysts for a potential collapse. First, he points to unsustainable market exuberance fueled by what he terms the "Trump Stimulus"—massive AI capital expenditure by tech giants, which he believes is politically driven and cannot last. Second, and more urgently, he highlights the escalating Iran war as a critical threat. The ongoing closure of the Strait of Hormuz has created a severe global energy supply crunch. Strategic petroleum reserves are projected to hit critically low operational levels by June, potentially causing oil prices to spike above $200 per barrel and triggering a severe, supply-driven inflationary shock. This scenario, Tokic warns, would force the Federal Reserve's hand. Despite currently maintaining a dovish bias, the Fed would likely be compelled to officially pivot to a hawkish stance at its June FOMC meeting to combat soaring inflation and bond yields. He contends that such a shift—or even a failure to act, which would destroy Fed credibility—could be the trigger that punctures the market bubble. The resulting downturn, he concludes, could rival the bear markets of 2000 and 2008, advising investors to prepare for a major correction.

marsbit16 min fa

Seeking Alpha's Hot Article: Why Might the U.S. Stock Market Crash in June?

marsbit16 min fa

AI PC Battle: Bet on the Toll Booth, Not the Camp

**Title:** The AI PC Battle: Don't Bet on Sides, Bet on the Tollbooth **Summary:** The AI PC competition is moving beyond simple "x86 vs. Arm" narratives. The core investment thesis should focus on identifying which players can sustain margins, cash flow, and pricing power throughout the upgrade cycle, rather than backing a particular architecture. The opportunity is analyzed in three layers: 1. **The Advanced Foundry Tollbooth:** TSMC is positioned to collect "tolls" regardless of which chip designer wins, due to its dominant ~70% share in advanced semiconductor manufacturing, which is essential for high-end AI PC chips. 2. **Compute & Platform Spillover:** AMD represents an offensive in the x86 CPU+GPU space, while NVIDIA leverages its GPU and CUDA software stack dominance. Both benefit from the demand for increased local AI compute. 3. **Architecture Diffusion & Turnaround Plays:** ARM and Intel offer potential for significant upside (elasticity), but investments here require stricter discipline due to higher execution risks and competitive challenges. The industry is transitioning from concept to shipment validation. While short-term forecasts for AI PC adoption have been revised down slightly due to tariffs and procurement delays, the long-term trend towards AI becoming a standard PC feature remains intact. The key driver for upgrade cycles will be whether compelling enterprise applications (e.g., privacy-sensitive computing, low-latency inference) emerge beyond consumer-focused features like meeting summarization. Investment strategy should prioritize companies with platform-level advantages and recurring revenue streams. TSMC offers high certainty as the foundational tollbooth. AMD presents a strong offensive play within the established ecosystem. ARM and Intel are higher-risk, higher-potential-reward turnaround bets. The report cautions against chasing short-term hype and emphasizes a disciplined, long-term approach focused on buying ecosystem strength and cash-flow certainty after market enthusiasm subsides. **Key Risks:** Underwhelming AI PC applications slowing upgrade cycles; slow improvement in Windows on Arm compatibility; macro/tariff impacts on PC demand; potential advanced node supply-demand mismatches affecting TSMC; high overall AI sector valuations making stocks vulnerable to a risk-off shift in markets.

marsbit30 min fa

AI PC Battle: Bet on the Toll Booth, Not the Camp

marsbit30 min fa

Which Companies Has NVIDIA's "Three-Track Investment Architecture" Invested In?

NVIDIA's investment strategy operates through a "three-track architecture," not just its NVentures venture arm. Corporate Development handles massive strategic bets (e.g., $30B in OpenAI, $10B in Anthropic, $20B in Synopsys). NVentures, a small team, focuses on early-stage, financial investments across sectors like quantum computing (Alice & Bob, PsiQuantum), AI infrastructure (OpenRouter, Tensormesh), and biotech. The NVIDIA Inception accelerator provides non-monetary support. This system allows NVIDIA to nurture startups and lock in strategic partners, creating a vast AI ecosystem. This aggressive capital deployment has drawn scrutiny. Critics like Michael Burry and EU regulators question potential "circular financing," where NVIDIA's equity investments in companies (e.g., CoreWeave, OpenAI) facilitate those companies' purchases of NVIDIA hardware, potentially inflating revenue. Supporters view it as a necessary "virtuous cycle" to secure supply and demand in a compute-scarce market. While NVentures' smaller deals appear like traditional VC, its role within the larger, controversial investment framework remains a point of debate.

marsbit58 min fa

Which Companies Has NVIDIA's "Three-Track Investment Architecture" Invested In?

marsbit58 min fa

Ten-Thousand-Word Analysis: From $10 to $290, MRVL Wins the Entire AI Era by 'Not Making GPUs'

Marvell Technology's stock price surged from under $10 in 2016 to a record $290 in June 2026, fueled not by making GPUs, but by dominating AI infrastructure connectivity. This analysis argues the market misvalues MRVL as merely a smaller Broadcom in custom AI chips, overlooking its true, unique position. Marvell's core strength lies in enabling high-speed data flow for AI clusters through three interconnected businesses. First, it holds a commanding ~70% market share in high-speed optical DSPs (essential for data center light modules), a deep-moat business with accelerating growth. Second, its custom AI chip design business serves hyperscalers like AWS, Microsoft, and Google, with a significant revenue pipeline despite lower margins. Third, stable cash flows come from Ethernet switch chips and enterprise storage controllers. Together, they form a full-stack "AI data movement" platform. CEO Matt Murphy's transformative leadership since 2016, involving strategic divestments, key acquisitions (like Inphi for optical DSPs), and securing long-term agreements with major cloud providers, repositioned the company. A pivotal $2 billion strategic investment from NVIDIA in 2026 underscored Marvell's critical role in the AI ecosystem, particularly through collaborations like NVLink Fusion. While Marvell faces risks—including client concentration (losing the Amazon Trainium3 design), lower-margin business mix, competitive threats, insider selling, and complex supply chains—its fundamentals remain strong. The optical interconnect moat is widening with the acquisition of Celestial AI (photonics fabric), and financial metrics show accelerating revenue growth and operating leverage. With a PEG ratio suggesting undervaluation relative to its growth, the thesis is that the market undervalues Marvell's monopolistic position in AI "plumbing" while overemphasizing its competitive custom chip segment. The story transcends investing, symbolizing how in any complex system—from the internet to AI—the value of "connection" ultimately surpasses that of individual "nodes."

marsbit1 h fa

Ten-Thousand-Word Analysis: From $10 to $290, MRVL Wins the Entire AI Era by 'Not Making GPUs'

marsbit1 h fa

AI Relay Stations Spark Heated Debate on Zhihu: Behind Cheap Tokens, What Are Users Really Worried About?

A discussion on Zhihu about "AI relay stations" shifted the niche developer topic of "cheap tokens" into broader user awareness. Users moved beyond simply questioning the legitimacy of these services to focus on practical concerns: Where do cheap tokens truly come from? Is the model being accessed the real one? Can relay stations see prompts, code, and API keys? For occasional users, are the risks worth it? The core debate centered less on price and more on trust. A primary worry is model authenticity—the risk of "model swapping," where users paying for a premium model might be routed to a cheaper one, creating an information asymmetry. Others argued that cost comparisons matter; while cheaper than official pay-as-you-go APIs, relay stations may not be the lowest-cost option versus subscriptions, domestic models, or free tiers, making user needs assessment crucial. Speculation about token sources ranged from legitimate bulk discounts to gray-area methods like account sharing or exploiting regional pricing. This opacity makes risk assessment difficult for users. Data security emerged as a critical concern, especially for enterprise use. When processing sensitive information like code, contracts, or client data, the inability to verify a relay station's data handling, retention, or access policies poses significant compliance and confidentiality risks. The evolving consensus suggests relay stations can be used cautiously for low-sensitivity, disposable tasks (e.g., summarizing public info, simple translation). However, they should not be the default for sensitive, professional, or production workflows involving proprietary data, Agents, or automated systems. Recommendations include avoiding large prepayments, not relying on a single service, using test prompts to monitor quality, anonymizing data where possible, and keeping official channels as backups. Ultimately, the discussion framed tokens not just as a billing unit but as a measure of real cost encompassing price, model integrity, data security, and service stability. The popularity of relay stations highlights user demand for affordable access, but the debate underscores a key trade-off: the savings from cheap tokens may come at the price of trust, transparency, and control over one's data and AI experience.

marsbit1 h fa

AI Relay Stations Spark Heated Debate on Zhihu: Behind Cheap Tokens, What Are Users Really Worried About?

marsbit1 h fa

Trading

Spot

Futures