As cryptocurrency security issues escalate, OpenZeppelin co-founder Manuel Aráoz has publicly stated that he has advised friends and family to exit all decentralized finance (DeFi News) investments, including exposure to major lending protocols. In a post released on Tuesday, Aráoz expressed that he no longer believes "all DeFi News is safe," noting that the balance of power between attackers and defenders has clearly shifted in favor of hackers. His warning even extends to low-risk investments associated with well-known protocols such as Aave, MakerDAO, and Compound.
Aráoz wrote on social media: "I now believe *all* DeFi News is unsafe. Programmers have surpassed ordinary people in discovering vulnerabilities, and the security of smart contracts is asymmetric: defenders need to fix every vulnerability, while attackers only need to find one exploit to steal funds." He added, "I have been privately advising friends and family to exit all DeFi News investments, including low-risk 'blue-chip' projects like Aave, MakerDAO, and Compound."
Aráoz's comments come at a time when the crypto industry is facing one of the worst periods of DeFi News vulnerabilities since the $150 million Bybit hack on February 15, 2025. According to records from DefiLlama, there were 27 DeFi News exploit incidents during April. Meanwhile, the total value locked in DeFi News protocols dropped approximately 14% from nearly $172 billion in mid-April to about $148 billion.
The losses were primarily concentrated in vulnerabilities related to bridging, privilege access failures, and operational errors, rather than isolated coding flaws. The move-to-earn platform Sweat Economy reported that attackers stole nearly 65% of its liquidity pool funds in less than 30 seconds, resulting in a loss of about $3.46 million. The project later stated that some of the stolen assets have been frozen on MEXC, and recovery efforts are ongoing.
Meanwhile, on the Sui blockchain, the decentralized exchange Aftermath Finance lost nearly $1.1 million in USDC on its perpetual contract platform. Blockchain security firm Blockaid reported that attackers executed 11 transactions in about 36 minutes. This incident underscores the ongoing security risks in the DeFi News space, necessitating heightened vigilance among participants.