Aráoz pointed out that the rapid development of automated coding agents has significantly altered the balance between attackers and developers. These systems can identify vulnerabilities at a speed that exceeds the capacity of security teams to respond, leading to a continuous increase in the attack risks for multiple protocols. Furthermore, Aráoz emphasized that the security of smart contracts remains highly asymmetric, as protocol developers must eliminate all potential vulnerabilities before deployment, while attackers only need one successful attack to steal millions of dollars from affected platforms within minutes. His warning comes in the context of decentralized finance (DeFi News) protocols experiencing a series of security incidents involving cross-chain bridges, lending systems, and internal wallet operations, despite increased spending across the industry on audits and infrastructure upgrades.
Aráoz stated, “I now believe all DeFi News is unsafe.”
Encoding agents exhibit superhuman capabilities in discovering vulnerabilities, while the security of smart contracts is overly asymmetric: defenders need to fix all vulnerabilities, while attackers only need to find one vulnerability to steal funds.
Major attack incidents continue to undermine confidence in DeFi News platforms
Despite reported losses being relatively small, the security challenges in May were still evident, with Verus Network confirming an Ethereum bridge attack valued at approximately $11.6 million, while Polymarket acknowledged a $573,200 vulnerability related to a possible private key leak involving internal wallet operations.
Aráoz's warning intensifies concerns over the security of decentralized finance, as recurring attack incidents affect both major protocols and smaller platforms, while the decline in total locked value indicates that, despite the industry's ongoing efforts to strengthen security measures, investors remain increasingly cautious.