Warning from a top-tier auditor: No DeFi is safe anymore, withdraw quickly!

Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

“I believe all DeFi is no longer safe.”

OpenZeppelin founder Manuel Aráoz’s statement, posted yesterday on X, landed like a depth charge, once again shaking an already stagnant DeFi market.

Manuel even stated that he has begun advising friends and family to withdraw funds from major DeFi protocols, including blue-chip protocols once considered low-risk such as Aave, MakerDAO, and Compound.

This is not a warning from an outsider. On the contrary, Manuel himself is one of the core builders of the DeFi security system, and OpenZeppelin is one of the industry’s most mainstream security auditing companies. Its contract libraries, security standards, and auditing frameworks have almost permeated the entire DeFi world.

The reason behind Manuel’s complete shift in attitude lies in AI. Manuel pessimistically believes that AI coding agents are exponentially improving their ability to identify and exploit smart contract vulnerabilities.

This means that problems that previously took top white-hat teams weeks to discover might now be scanned and identified by AI in minutes; hackers who once needed to study a protocol’s logic for a long time can now have AI map out attack paths automatically; and the “public transparency” that was once DeFi’s advantage is now turning into the best training data for attackers.

Manuel also raised a more deadly issue: smart contract security is essentially an extremely asymmetric game — defenders must fix every vulnerability, while attackers only need to find one to steal funds. As AI begins to exponentially improve attack efficiency, this asymmetry is rapidly tipping out of balance.

Cold reality: DeFi has become the hackers’ ATM

Looking back at recent months of DeFi security incidents, you will find Manuel’s concerns are not exaggerated.

April was almost the worst month in DeFi history.

  • On April 1st, April Fools’ Day, Drift Protocol was robbed of $280 million due to management permission hijacking and multi-signature execution vulnerabilities (see “April Fools’ Joke? Drift Protocol stolen over $280 million, possibly the second largest DeFi hack on Solana ecosystem”).
  • Later, on April 19th, Kelp DAO was hacked through a bridge protocol breach, losing $292 million (see “DeFi robbed again of $292 million, is Aave no longer safe?”), with the hackers subsequently cashing out through Aave and other lending protocols, plunging DeFi as a whole into bad debt and its ripple effects.

And after May, incidents not only did not decrease but further spread.

  • On May 15th, THORChain was attacked. New node operators exploited a GG20 threshold signature scheme (TSS) vulnerability, reconstructed the vault’s private key, and executed outbound transactions, causing over $10 million in losses.
  • On May 18th, Verus’s bridge protocol was attacked. Attackers forged cross-chain payloads, bypassed verification, and withdrew assets from Ethereum reserves, stealing about $11.58 million.
  • On May 19th, Echo Protocol on Monad was attacked due to private key leakage. Attackers minted 1,000 eBTC (worth $76.7 million) and withdrew funds via a tested attack path through Curvance.
  • On May 24th, the compliant stablecoin issuer StablR under the MiCA regulatory system was attacked. Hackers profited over $2.8 million by minting EURR and USDR, causing EURR and USDR to depeg.
  • On May 25th, the SquidRouter module was attacked, resulting in approximately $3 million in assets stolen from 86 Gnosis Safe wallets.
  • On May 27th, the private key of the StakeDAO deployer was leaked on Arbitrum, with attackers minting about 5.45 trillion vsdCRV tokens and partially exchanging them for 43.7 ETH before escaping.

Frequent security incidents have sounded the alarm. From on-chain code to off-chain management, DeFi seems to be losing ground across the board.

AI has become a hacker’s nuclear weapon

Why has the offense-defense balance in DeFi deteriorated to the point of collapse this summer? Besides the evolution of traditional hacking techniques, the rapid advancement of large AI models is becoming the ultimate game-changer.

In the past, finding a complex smart contract vulnerability (especially one involving cross-chain logic, multi-layer nesting, or extremely covert reentrancy) required top hackers to spend weeks or months on code analysis. However, with mature AI agents capable of long-context understanding, strong logical reasoning, and autonomous tool invocation, everything has changed.

  • Second-level scanning and zero-day vulnerability discovery across the network: Attackers only need to feed open-source codebases into the new generation of AI reasoning models, which can then simulate hundreds of extreme interaction scenarios in seconds, precisely identifying the boundary conditions that tired human auditors miss.
  • Automated attack script generation: AI can not only discover vulnerabilities but also automatically write, test, and deploy “hacker smart contracts” to extract funds.
  • Off-chain DevOps and social engineering orchestration: AI can impersonate perfect developers for phishing or monitor DeFi team’s GitHub commits around the clock. Once sensitive information or unverified patches are uploaded, AI can launch attacks within seconds — much faster than human security personnel can respond.

In this AI-augmented war of security offense and defense, hackers wield near-infinite ammunition and second-level attack speeds thanks to AI, while DeFi is limited by slow governance voting, multi-signature confirmations, and delayed security audits, making it difficult to respond defensively.

Last month, Anthropic, the AI company behind Claude, announced its new model Mythos (see “Anthropic has developed the strongest AI model in history but dares not release it…”). It is the first human-made model with over one hundred trillion parameters (compared to current mainstream models with hundreds of billions to one trillion parameters), with a training cost of a staggering $1 billion.

However, due to Mythos’s specialized capabilities in cybersecurity (Anthropic disclosed that within weeks, Mythos identified thousands of zero-day vulnerabilities), Anthropic is even hesitant to publicly release the model, fearing malicious exploitation by hackers. Instead, they plan to let top-tier companies test and patch potential vulnerabilities through a “Glass Wing” program.

The current DeFi security situation remains extremely severe. It’s hard to imagine what new threats will emerge once Mythos is publicly released.

The biggest problem: the risk-reward ratio has long been unbalanced

For ordinary DeFi participants, liquidity providers (LPs), and whales, the most pressing issue now is to sit down and do the math.

For a long time, users have chosen to deposit funds into DeFi seeking annualized yields several times higher than traditional finance. During bull markets or liquidity mining frenzies, yields of 10%, 20%, or even higher were enough to offset concerns about “potential technical risks.”

But today, this underlying logic has been shaken or even overturned. The risk-reward ratio in DeFi is now unbalanced. On the yield side, as the market enters a stockpiling game and safety margins have thickened, the real yields of most mainstream, relatively reliable DeFi protocols have fallen into single digits. On the risk side, users’ principal sits in a black box that could be hacked at any moment, where flash loans and other exploits can drain an entire pool within minutes, with no legal, insurance, or central bank backing.

Losing 100% of principal for a roughly 5% annualized return is clearly not a profitable deal.

Manuel’s words may be somewhat absolute, but they have torn off the last shroud of DeFi’s false pretenses. In the face of the reality that hackers now use AI as a routine weapon and security incidents are constantly erupting, if you are not prepared for losing 100% of your principal for a certain yield, then “withdraw quickly and lock in gains” might be the most rational and risk-controlled choice in the current market cycle.
