OpenZeppelin co-founder declares all DeFi unsafe, AI agents exploiting smart contracts in 2026
By Francesco Campisi
3 min read

'All DeFi Is Unsafe': OpenZeppelin Co-Founder Ignites Debate

OpenZeppelin co-founder Manuel Aráoz declared all DeFi unsafe on May 26, urging exits from Aave and Compound. Over $1.1 billion lost to hacks in 12 months.

Manuel Aráoz, co-founder and former CTO of OpenZeppelin, declared on May 26 that he considers all DeFi unsafe, advising family and friends to exit every position, including blue-chips like Aave, MakerDAO, and Compound. The statement went viral on X within hours. The backlash from the industry was swift and sharp.

The Thesis: AI Agents Broke the Security Balance

Aráoz builds his argument on an asymmetry as old as cybersecurity itself. Defenders must close every vulnerability. Attackers only need to find one. When bug-hunting relied on human teams, that race was manageable. Now AI coding agents scan thousands of smart contracts in parallel, around the clock, at speeds no manual audit can match. This is not theoretical. A report by Anthropic Fellows, covered previously by SpazioCrypto, simulated exploits totalling $4.6 million on contracts the models had never seen before. If an AI can identify a flaw it was never trained on, that flaw is real.

The warning originated in a post on X by Manuel Aráoz (@maraoz) that spread rapidly on May 26, 2026.

The Counter-Argument: “An Idiotic Thing to Say”

Marc Zeller, founder of the Aave Chan Initiative, did not mince words. He called Aráoz's post senseless, pointing directly to data. According to Zeller, less than 10% of DeFi losses over the past year stemmed from code bugs. The remainder came from misconfigured risk parameters, poor collateral management, and weak operational security. The problem, Zeller argues, is rarely the smart contract itself. It's who holds the keys, who sets the limits, who manages access.

OpenZeppelin itself distanced the company from Aráoz's conclusions, noting that losses across 2025 exceeded $3.4 billion, according to the firm's own analysis, and that the majority trace back to compromised credentials rather than smart contract vulnerabilities. The company has since launched Skills, a system that gives AI agents authoritative knowledge of pre-audited libraries, moving the defensive line further upstream in the development process.

Chart: DeFi Total TVL 2026 (billions of dollars)

Source: DefiLlama · May 2026

Is DeFi Still Worth the Risk in 2026?

The honest answer sits between both positions, and the numbers frame it clearly. Over the past 365 days, DeFi hacks have drained more than $1.1 billion, according to DefiLlama data. April 2026 alone saw nearly $630 million lost across at least 27 separate exploits, making it the worst month since the Bybit incident. The largest single attack was a $292 million exploit targeting the Kelp DAO bridge, attributed to North Korea's Lazarus Group. Drift followed with $285 million lost, and Step Finance closed out the month with a $27 million breach.

Total value locked across DeFi protocols dropped from roughly $172 billion in January to $148 billion in May 2026, per DefiLlama figures. The trajectory is not a reassuring one. The practical rule still holds: protocols with a proven track record like Aave justify their premium, while newer high-yield options carry proportionally higher risk. Hardware wallet security, as any serious on-chain participant knows, remains the first line of defence.

KEY FIGURES

DeFi losses (last 365 days)........ over $1.1 billion
April 2026 losses alone............ approx. $630 million
April 2026 exploits................ at least 27
Kelp DAO hack (April 18)........... $292 million
TVL change Jan to May 2026......... $172B to $148B
Share of losses from code bugs..... under 10% (per Zeller)

Source: DefiLlama, Aave Chan Initiative · May 2026

One observation reframes the whole dispute. Even if Zeller is right that code bugs account for under 10% of losses, AI agents are shifting precisely that 10%, the technical attack surface, decisively toward attackers. Aráoz may overstate his conclusion while still being correct about the direction of travel. Analysts tracking DeFi security point to three concrete requirements for the sector's survival: real-time on-chain monitoring with automatic circuit-breakers, formal verification at scale, and governance systems capable of responding to an exploit in minutes rather than hours. Until those are standard, the risk is not an accident. It's architecture.
