Concerns about the security of crypto have increased after Manuel Aráoz, co-founder of OpenZeppelin, said he has advised friends and family to exit all decentralized finance positions, including exposure to major credit protocols.
In a post published Tuesday on Even lower-risk positions associated with established protocols such as Aave, MakerDAO, and Compound were included in his warning.
PSA: I now consider *all* DeFi to be unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders have to fix every bug, while attackers only need one exploit to steal money.
— Manuel Aráoz (@maraoz) May 26, 2026
Describing the current state of smart contract security, Aráoz said that coding agents have become “superhuman at finding vulnerabilities,” while developers are stuck in a system where “defenders have to fix every bug, while attackers only need one exploit to steal money.”
“I have privately advised friends and family to exit all DeFi positions, including low-risk blue chips like Aave, MakerDAO and Compound,” he added.
Aráoz’s comments came as the crypto industry continues to face one of the most damaging periods for DeFi exploits since the $1.5 billion Bybit hack in February 2025.
DeFi exploits surpass $600 million in April
DefiLlama data showed that approximately $629.7 million was stolen from DeFi protocols in April alone, making it the worst month for crypto-related hacks in more than a year. Two attacks were responsible for most of the losses.
One of the biggest incidents saw Drift Protocol lose approximately $285 million after attackers allegedly used a social engineering campaign that lasted six months.
Kelp DAO suffered another $293 million exploit related to vulnerabilities in its cross-chain bridge infrastructure. Security researchers and blockchain researchers have widely linked both attacks to North Korean state-backed hacking groups.
DefiLlama recorded 27 DeFi exploit incidents in April. At the same time, the total value of DeFi protocols fell by about 14% from mid-April levels, from nearly $172 billion to about $148 billion.
The concentration of losses largely stemmed from bridge-related weaknesses, privileged access errors, and operational errors rather than just isolated coding errors.
Outside of the two largest breaches, several smaller attacks continued to hit the protocols throughout the month. As previously reported by crypto.news, Wasabi Protocol lost approximately $5.5 million across Ethereum, Base, Blast and Berachain networks during an active exploit.
Move-to-earn platform Sweat Economy also reported losses of around $3.46 million after attackers drained nearly 65% of its liquidity pool in less than 30 seconds. The project later said that some of the stolen assets on MEXC had been frozen while recovery efforts continued.
We are pleased to confirm that ALL external account balances have been fully restored and operations have returned to normal.
We appreciate the support and advice from the community that helped us resolve this quickly.
Special thanks to @MEXC for quickly freezing…
– SWEAT💧 (@SweatEconomy) April 29, 2026
Meanwhile, decentralized trading platform Aftermath Finance on the Sui blockchain lost almost $1.1 million in USDC from its perpetuals platform. Blockchain security firm Blockaid said the attacker made 11 transactions in about 36 minutes.
🚨 Blockaid has detected and flagged an active exploit on @AftermathFi Perpetuals on @SuiNetwork.
~$1.1 million $USDC was cleared in about 36 minutes in 11 transactions by attacker 0x1a65086c85114c1a3f8dc74140115c6e18438d48d33a21fd112311561112d41e. The exploit targeted a bug in the perpetrator…
— Blockaid (@blockaid_) April 29, 2026
Smaller attacks continue into May
Although May has not seen losses on the scale of April's, security incidents continue to occur in the DeFi sector.
In one of the latest cases, Verus Network's Ethereum bridge was exploited for $11.6 million. Prediction marketplace platform Polymarket also disclosed a $573,200 breach last week, which the company said may have involved a compromised private key linked to an internal top-up wallet.

