OpenZeppelin founder warns all of DeFi is unsafe amid security breaches

The co-founder of one of crypto’s most trusted security firms just told everyone he knows to get out of DeFi. That’s not a random anon on Twitter. That’s the guy whose company literally writes the code libraries that most DeFi protocols are built on.

Manuel Aráoz, co-founder of OpenZeppelin, declared on May 26 that he now considers the entire DeFi sector unsafe. He went further, saying he has personally urged friends and family to withdraw their positions from major lending protocols including Aave, MakerDAO, and Compound.

The asymmetry problem

Aráoz’s argument boils down to a concept that security professionals have understood for decades but rarely state this bluntly in public: defenders have to be right every single time, while attackers only need to be right once.

In English: a smart contract audit might catch 99 out of 100 vulnerabilities. The one it misses is all an attacker needs to drain the entire protocol. And that math was already unfavorable before AI entered the picture.