{"id":29822,"date":"2026-05-27T08:02:34","date_gmt":"2026-05-27T08:02:34","guid":{"rendered":"https:\/\/bitunikey.com\/news\/openzeppelins-manuel-araoz-advises-exiting-defi-calls-it-unsafe\/"},"modified":"2026-05-27T08:02:47","modified_gmt":"2026-05-27T08:02:47","slug":"openzeppelins-manuel-araoz-advises-exiting-defi-calls-it-unsafe","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/openzeppelins-manuel-araoz-advises-exiting-defi-calls-it-unsafe\/","title":{"rendered":"OpenZeppelin\u2019s Manuel Ar\u00e1oz advises exiting DeFi, calls it unsafe"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Crypto security concerns have intensified after OpenZeppelin co-founder Manuel Ar\u00e1oz said he has advised friends and family to exit all decentralized finance positions, including exposure to major lending protocols.<\/p>\n<div id=\"cn-block-summary-block_988d462c8577606f0091272ee3efe7f3\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>OpenZeppelin co-founder Manuel Ar\u00e1oz said he has advised friends and family to exit all DeFi positions, including exposure to Aave, MakerDAO, and Compound.<\/li>\n<li>DeFi protocols lost nearly $630 million to hacks in April, with Drift and Kelp DAO accounting for most of the monthly losses.<\/li>\n<li>Total value locked across the DeFi market has fallen roughly 14% since mid April as exploit incidents continued into May.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>In a post published Tuesday on X, Ar\u00e1oz said he no longer considers \u201call of DeFi\u201d safe, arguing that the balance between attackers and defenders has tilted too far in favor of hackers. Even lower-risk positions tied to established protocols such as Aave, MakerDAO, and Compound were included in his warning.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">PSA: I now consider *all* of DeFi unsafe.<\/p>\n<p>Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.<\/p>\n<p>\u2014 Manuel Ar\u00e1oz (@maraoz) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/maraoz\/status\/2059413451265441990?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">May 26, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Describing the current state of smart contract security, Ar\u00e1oz said coding agents have become \u201csuperhuman at finding vulnerabilities,\u201d while developers remain trapped in a system where \u201cdefenders need to fix every bug while attackers need just one exploit to steal funds.\u201d<\/p>\n<p>\u201cI\u2019ve been privately advising friends and family to exit all DeFi positions, including low-risk \u201cblue chips\u201d like Aave, MakerDAO &amp; Compound,\u201d he added.\u00a0<\/p>\n<p>Ar\u00e1oz\u2019s comments arrived as the crypto industry continues dealing with one of the most damaging periods for DeFi exploits since the $1.5 billion Bybit hack in February 2025.<\/p>\n<h2 class=\"wp-block-heading\">DeFi exploits cross $600 million in April<\/h2>\n<p>Data from <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/defillama.com\/hacks\" target=\"_blank\" rel=\"nofollow\">DefiLlama<\/a> showed that roughly $629.7 million was stolen from DeFi protocols in April alone, making it the worst month for crypto-related hacks in more than a year. Two attacks accounted for most of the losses.<\/p>\n<p>Among the largest incidents, Drift Protocol lost about $285 million after attackers reportedly used a social engineering campaign that lasted six months.\u00a0<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<p>Kelp DAO suffered another $293 million exploit tied to vulnerabilities in its cross-chain bridge infrastructure. Security researchers and blockchain investigators have widely linked both attacks to North Korean state-backed hacking groups.<\/p>\n<p>DefiLlama recorded 27 DeFi exploit incidents during April. At the same time, the total value locked across DeFi protocols dropped about 14% from mid-April levels, falling from nearly $172 billion to around $148 billion.<\/p>\n<p>The concentration of losses came largely from bridge-related weaknesses, privileged access failures, and operational mistakes instead of isolated coding bugs alone.<\/p>\n<p>Outside the two largest breaches, several smaller attacks continued to hit protocols through the month. As previously reported by crypto.news, Wasabi Protocol lost roughly $5.5 million across Ethereum, Base, Blast, and Berachain networks during an active exploit.<\/p>\n<p>Move-to-earn platform Sweat Economy also reported losses of about $3.46 million after attackers drained nearly 65% of its liquidity pool in under 30 seconds. The project later said some of the stolen assets had been frozen on MEXC while recovery efforts continued.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We are pleased to confirm that ALL external account balances have been fully restored and operations are back to normal.<\/p>\n<p>We deeply appreciate the support and advice from the community that helped us to resolve this quickly.<\/p>\n<p>Special thanks goes to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/MEXC?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">@MEXC<\/a> for prompt freezing of\u2026 <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/t.co\/9hvhIpmB5A\">pic.twitter.com\/9hvhIpmB5A<\/a><\/p>\n<p>\u2014 SWEAT\ud83d\udca7 (@SweatEconomy) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/SweatEconomy\/status\/2049588862352060474?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">April 29, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Meanwhile, on the Sui blockchain, decentralized trading platform Aftermath Finance lost nearly $1.1 million in USDC from its perpetuals platform. Blockchain security firm Blockaid said the attacker carried out 11 transactions over approximately 36 minutes.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 Blockaid detected and flagged an active exploit on <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/AftermathFi?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">@AftermathFi<\/a> Perpetuals on <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/SuiNetwork?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">@SuiNetwork<\/a>.<br \/>~$1.1M USDC was drained across 11 transactions in ~36 minutes by attacker 0x1a65086c85114c1a3f8dc74140115c6e18438d48d33a21fd112311561112d41e. The exploit targeted a bug in the perp\u2026<\/p>\n<p>\u2014 Blockaid (@blockaid_) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/blockaid_\/status\/2049446321686237558?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">April 29, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\">Smaller attacks continue in May<\/h2>\n<p>Although May has not produced losses on the scale seen in April, security incidents have continued across the DeFi sector.<\/p>\n<p>Among the latest cases, Verus Network\u2019s Ethereum bridge was exploited for $11.6 million. Prediction market platform Polymarket also disclosed a $573,200 breach last week that the company said may have involved a compromised private key tied to an internal top-up wallet.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crypto security concerns have intensified after OpenZeppelin co-founder Manuel Ar\u00e1oz said he has advised friends and family to exit all decentralized finance positions, including exposure to major lending protocols. Summary&hellip;<\/p>\n","protected":false},"author":1,"featured_media":29823,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-29822","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29822","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=29822"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29822\/revisions"}],"predecessor-version":[{"id":29824,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/29822\/revisions\/29824"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/29823"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=29822"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=29822"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=29822"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}