“All of DeFi is Unsafe” - OpenZeppelin Founder Warns Against Coding Agent Security Threats
$44M has been lost to DeFi hacks in May, down 93% from April’s bloodbath
Best known for writing one of crypto’s biggest open source security standards, OpenZeppelin founder Manuel Aráoz is advising friends and family to exit DeFi entirely.
Echoing the concerns Anthropic has expressed over its unreleased Mythos model, Aráoz argues that coding agents are becoming exceptionally adept at finding and exploiting vulnerabilities.
Industry leaders have pushed back on Aráoz’s position, accusing the OpenZeppelin founder of fearmongering. Despite mounting fears over DeFi security, monthly onchain hack volume dropped 93% from April to May as users and teams adopt more vigilant security practices.
Manuel Aráoz Encourages Users to Exit DeFi
Manuel Aráoz, founder of OpenZeppelin, an open source security standard through which $36.2T worth of capital has been transferred, appears to be giving up on DeFi.
With over $634M lost to DeFi hacks and exploits in April 2026 and coding agents becoming increasingly powerful, Aráoz is warning his friends and family to pull their funds offchain. Many social media commentators immediately pushed back on the OpenZeppelin founder’s position, stating that most of today’s exploits are due to opsec faults and social engineering attacks, rather than contract faults.

Aráoz promptly refuted these claims, arguing that coding agents are equally capable of exploiting these vulnerabilities.
Other crypto market participants refuse to downplay the risk, attesting that Aráoz’s credentials accentuate the severity of what’s currently at stake.

While relatively unknown amongst the Solana community, OpenZeppelin is arguably one of the foundational pillars of EVM DeFi, powering the infrastructure behind $136B in TVL across 410M active wallets.
In a public statement, OpenZeppelin has distanced itself from Aráoz’s commentary, assuring the DeFi community that the founder’s position does not reflect that of the company and reminding concerned parties that Aráoz left the firm in 2019.
Crypto Thought Leaders Push Back on “Fearmongering”
On the other side of the coin, some industry leaders have called out Aráoz’s posturing as nothing more than ‘fearmongering’ at best, and a commercially-driven marketing tactic at worst.

Alliance representative Jacob Franek argues that “if this were true, every major DeFi protocol, especially those with significant TVL, would have been exploited by now”. Franek asserts that this is a temporary problem: models sophisticated enough to find vulnerabilities will also apply this potency when writing new contracts, ultimately leading to a more resilient DeFi economy.
Meanwhile, increased adoption of emerging technologies like Formal Verification bolsters blockchain security further than ever. Security firms like Certora argue that Formal Verification is the answer to many of the impending AI-assisted security threats, reinforcing a thesis held by Ethereum creator Vitalik Buterin.
Solana DeFi TVL Struggling to Bounce Back After April Losses
After a devastating month for hacks and exploits in April, which saw attackers steal $634M from the onchain economy, crypto evangelists have yet to regain their confidence in DeFi.

While May has been a significantly better month for DeFi, with the amount of funds lost to hacks totalling $44M, a 93% reduction since April, Solana TVL has remained relatively flat, suggesting users are not ready to begin deploying capital into the onchain economy just yet.
