
DeFi isn't safe anymore because AI is becoming 'superhuman' at hacking, onetime OpenZeppelin founder says

May 31, 2026  Twila Rosenbaum

AI-powered hacking puts all DeFi at risk, warns former OpenZeppelin CTO

Manuel Aráoz, the co-founder and former chief technology officer of OpenZeppelin, the blockchain security firm behind the widely used OpenZeppelin smart contract libraries, has issued a stark warning: decentralized finance is no longer safe. In an interview published Tuesday, Aráoz stated that artificial intelligence coding agents have become “superhuman” at finding and exploiting vulnerabilities in smart contracts, rendering traditional security measures obsolete.

“I consider all of DeFi unsafe now,” Aráoz said. “The pace at which AI can analyze, test, and weaponize flaws in smart contracts far exceeds what any human team can defend against. We have entered a new era of asymmetric risk.”

Aráoz, who left OpenZeppelin in 2019 after playing a pivotal role in building the security infrastructure that underpins much of the Ethereum ecosystem, is not alone in his concerns. The number of high-profile DeFi exploits has surged in the past year, with attackers draining over $1.1 billion from protocols between mid-2025 and mid-2026. Among the most notable incidents were the $200 million hack of Kelp DAO in February 2026 and the $85 million attack on Solana-based Step Finance in April 2026.

The total value locked (TVL) in DeFi has plummeted by more than $20 billion since the start of 2026, according to data from DeFi Llama. While part of that decline is attributed to broader market conditions, the accelerating pace of hacks has eroded user confidence.

The rise of AI coding agents

At the center of the new threat are advanced AI models capable of writing and debugging code, such as OpenAI’s GPT-5 and Anthropic’s restricted Claude Mythos. Unlike earlier AI assistants that could only suggest fixes, these new models can autonomously audit entire codebases, generate exploit payloads, and even execute attacks without human intervention.

According to security researchers who have tested Claude Mythos in controlled environments, the AI can identify zero-day vulnerabilities in complex Solidity contracts within minutes, a task that would take a team of expert auditors days or weeks. “What we’re seeing is a fundamental shift,” said a lead researcher at a blockchain security firm who spoke on condition of anonymity. “Before, hackers had to invest time and skill to find bugs. Now, AI does the work for them, and it does it better.”

Aráoz pointed to the transparency of DeFi as a key weakness. “Smart contracts are public by design. Anyone can read the code, test it, and search for flaws. With AI, that search is not just scalable but autonomous. An attacker can set an AI agent to scan hundreds of protocols overnight and return a list of exploitable contracts by morning.”

OpenZeppelin's legacy and the changing security landscape

OpenZeppelin has long been considered the gold standard for smart contract security. Its audited libraries are used by thousands of projects, from small DeFi tokens to major Ethereum L2s. However, Aráoz argued that even the best audits cannot keep up with AI-powered exploitation. “An audit is a snapshot in time. After the audit, if new vulnerabilities are discovered or if the AI finds a way to combine functions in a way the auditors didn’t anticipate, the contract is exposed.”

He also cautioned against relying on bug bounties or formal verification. “Formal verification can prove certain properties, but it cannot prove that a contract is free from all possible exploits. AI is creative. It finds paths through the code that human mathematicians would never consider.”

Industry response and the search for solutions

The DeFi industry has been slow to respond to the AI threat. Most protocols still rely on human-led audits and traditional fuzzing tools. A few forward-thinking projects have begun integrating AI into their own security workflows, using the same technology to scan for vulnerabilities before attackers do. But this arms race is costly and requires expertise that many small protocols lack.

Meanwhile, some blockchain networks are touting architectural advantages. As noted in recent coverage, the XRP Ledger (XRPL) has proposed an amendment to block flash loan attacks, a class of exploit that has drained hundreds of millions from Ethereum-based DeFi. Because XRPL transactions are atomic and cannot include composable intra-transaction calls, flash loan attacks are structurally impossible on that network. This has led some analysts to argue that networks with simpler, non-composable architectures may be inherently safer in the age of AI.

However, Aráoz dismissed the notion that any chain is immune. “Flash loans are one vector, but AI can exploit countless others—oracles, reentrancy, slippage manipulation. The attack surface is vast, and AI can probe every corner simultaneously.”

Career highlights and credibility

Manuel Aráoz is uniquely positioned to comment on smart contract security. Before co-founding OpenZeppelin in 2015, he worked on cryptographic protocols and secure messaging. Under his technical leadership, OpenZeppelin released the industry’s first standard library of audited Solidity contracts, which became the foundation for the ERC-20 and ERC-721 token standards. He also contributed to the early design of the Ethereum security toolkit Truffle and served as a technical advisor for several blockchain startups.

Since leaving OpenZeppelin, Aráoz has focused on broader AI safety issues and has spoken publicly about the risks of autonomous AI agents. His current startup, Veridise, develops formal verification tools for smart contracts, but he acknowledges that even those tools may not be enough. “We are in a race between AI that protects and AI that attacks, and right now the attackers have the advantage.”

Historical context of DeFi hacks

The DeFi sector has experienced numerous high-profile hacks since its explosion in popularity in 2020. The DAO hack in 2016, though not strictly DeFi, previewed the risks of flawed code. In 2021, the Poly Network attack resulted in the theft of $600 million, later returned. The Ronin Bridge hack in 2022 drained $620 million. But the scale of attacks has grown as AI tools become more accessible.

In the past 12 months, hacks have targeted all major DeFi chains: Ethereum, Solana, Binance Smart Chain, and Avalanche. The Kelp DAO attack exploited a flash loan combined with a price oracle manipulation, while Step Finance's vulnerability lay in an unverified upgrade mechanism. Both incidents were discovered and exploited within hours of the vulnerability being introduced—a timeframe that suggests automated scanning was involved.
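The two mechanisms the article mentions, a spot price read inside one atomic transaction and a flash loan combined with oracle manipulation, can be made concrete with a toy model. The following is an added example, not code from the article or from any protocol named in it: a constructed constant-product pool (x*y=k) used as a price oracle, showing that one large in-transaction swap moves the spot price fourfold while a time-weighted average over the preceding blocks does not move at all, and a simple band check a lending contract could apply before trusting a spot quote. All reserves, the swap size, the window and the 1.2 tolerance ratio are constructed values.

```python
from collections import deque

class ConstantProductPool:
    """Toy x*y=k pool (constructed). Prices are quoted as token B per token A."""

    def __init__(self, reserve_a: float, reserve_b: float) -> None:
        self.reserve_a = reserve_a
        self.reserve_b = reserve_b
        self.observations: deque = deque()  # (block, spot) recorded at block ends

    def spot_price(self) -> float:
        return self.reserve_b / self.reserve_a

    def swap_b_for_a(self, amount_b: float) -> float:
        """Deposit amount_b of B, receive A (no fee); pushes the spot price up."""
        k = self.reserve_a * self.reserve_b
        self.reserve_b += amount_b
        new_a = k / self.reserve_b
        received = self.reserve_a - new_a
        self.reserve_a = new_a
        return received

    def end_block(self, block: int) -> None:
        """Oracle observation: only state that survives a block boundary is recorded."""
        self.observations.append((block, self.spot_price()))

    def twap(self, window: int) -> float:
        """Time-weighted average of the last `window` block-end observations."""
        recent = [p for _, p in list(self.observations)[-window:]]
        return sum(recent) / len(recent)


def spot_within_twap_band(spot: float, twap: float, max_ratio: float = 1.2) -> bool:
    """Sanity check a lending contract can apply before accepting a spot quote."""
    return twap / max_ratio <= spot <= twap * max_ratio


def simulate_manipulation(window: int = 10) -> dict:
    """One large swap inside a single transaction vs. a TWAP over earlier blocks."""
    pool = ConstantProductPool(reserve_a=1_000.0, reserve_b=2_000_000.0)
    for block in range(window):           # quiet history: spot stays at 2000
        pool.end_block(block)
    before = pool.spot_price()
    pool.swap_b_for_a(2_000_000.0)        # flash-loan-sized swap, same transaction
    during = pool.spot_price()            # spot jumps to 8000 (4x)
    twap = pool.twap(window)              # still 2000: no block has ended yet
    return {"before": before, "spot_during": during, "twap_during": twap,
            "spot_accepted": spot_within_twap_band(during, twap)}
```

The point for defenders is the last field: a contract that values collateral from `spot_price()` accepts the manipulated 8000, while one that compares the quote against the TWAP band rejects it.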

What the future holds

As AI models continue to improve, the cost of mounting an attack drops. A single powerful AI subscription can be used to probe thousands of contracts daily. Defenders, by contrast, must secure each contract individually. This asymmetry is what Aráoz calls “the fundamental math problem of DeFi security.”

Some in the industry propose moving away from transparent contracts to zero-knowledge proofs and off-chain computation. Others advocate for formal verification to become a mandatory requirement for listing on major exchanges. But Aráoz remains skeptical. “We can’t code our way out of this. We need a new paradigm—perhaps insurance pools that accurately price risk, or decentralized dispute resolution that can reverse fraudulent transactions. But those solutions are years away.”

In the meantime, the former OpenZeppelin founder advises retail investors to treat all DeFi as experimental. “Don’t put money into a protocol unless you are prepared to lose it. Even audited, battle-tested contracts are vulnerable. The AI doesn’t care about your trust assumptions.”

His warning echoes across the crypto community. As DeFi TVL continues to drop and the list of exploits grows longer, the question is no longer whether AI will disrupt DeFi security, but whether any defense can be built before the entire sector collapses under the weight of automated attacks.


Source: Coindesk News

