"PSA: I now consider all of DeFi unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
I’ve been privately advising friends and family to exit all DeFi positions including low-risk "blue chips" like Aave, MakerDAO & Compound."
Manuel Aráoz, co-founder and former CTO of OpenZeppelin, tweeted these thoughts yesterday, and they set off uproar across the timeline.
Of course, OpenZeppelin is the firm behind the most widely used Solidity libraries and boasts one of the largest smart contract audit practices in the industry. The company has since clarified that Aráoz left in 2019 and his views don't reflect their position. Still, I fully understand where Aráoz's coming from.
Last month set a record for the most onchain exploits in crypto's history, at a pace of nearly one a day, totaling more than $625M stolen. Drift and KelpDAO took the bulk, but the smaller hits spanned the full surface: lending pools, vaults, oracles, bridges, admin controls. The attack surface keeps widening, with AI helping attackers find routes beyond smart contract bugs alone.
The Asymmetry Is Real
There's a fundamental asymmetry at play. Defenders must patch every bug. Attackers just need one.
If "supermodels" like Mythos can surface thousands of high-severity bugs that lay dormant for decades, surviving millions of automated tests, imagine what they'll do to a language like Solidity, which has only existed for 12 years. DeFi has had less than half the time to battle-harden the language it's built on, and the tools doing the testing are getting rapidly stronger and cheaper. It only cost Mythos $50 to discover a 25-year-old bug.
Anthropic Mythos taking a first look at DeFi protocols. pic.twitter.com/ieHmLpuShb
— mattytay (@mattytay) April 9, 2026
The Trajectory
When Alpen Yukseloglu came on Bankless to discuss EVMBench, the Paradigm/OpenAI benchmark on smart contract vulnerabilities, he shared how they found models jumping from 12-13% detection of fund-draining bugs to above 70% with 5.3 Codex over the course of six months.
It’s been nearly three months since then and we're already at 5.5, a model so capable it prompted a mass exodus from Claude. There's no doubt it's being used for offense here, if only to some degree. And while 5.5 isn't Mythos-level, Anthropic has made clear it wants to release Mythos publicly. That likely forces OpenAI to ship its own cybersecurity model, 5.5-Cyber, in response.

The Math Is Already Broken
It's happening less than it was, but people still treat "low-risk DeFi" products like vaults or Aave as equivalent to savings accounts. $11.8 billion sits in Morpho vaults earning 2-4% APY. Most of that capital arrived through Coinbase, Kraken, or similar interfaces.
Consider the risk-reward profile. In the vast majority of these positions, people are risking total loss of their capital to earn single-digit returns. It's no wonder the market's turned to perps and memecoins. Degenerate, sure, but the risk-reward math vastly outperforms DeFi. Even beyond AI, there is the North Korean exploit engine that runs sophisticated attack campaigns; its D(rift)-Day "mission" was built up over six months, and against that the math on a 3% APY vault seems comical.

Tools Cut Both Ways
The case for staying is that these models cut the cost of defense as fast as they cut the cost of offense.
Agentic allocator Zyfai is a live example. Their agents flagged the Aave and KelpDAO conditions early, rebalanced into safer pools, and held capital unallocated when nothing cleared their risk thresholds. That's a company self-report, so apply the appropriate grain of salt. But the architecture is right. An agent watches live data around the clock, enforces a predefined risk budget, and refuses to allocate when conditions don't qualify, all under smart account permissioning with session keys and spending caps. That's a defensive layer humans can't match on attention or speed.
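To make the architecture concrete, here is an added illustration of a risk-gated allocator in the spirit described above (example code written for this article, not Zyfai's or any protocol's own code). The pool metrics, thresholds and session-key spending cap are constructed placeholders; the point is that the agent rejects any pool that fails a threshold, stays unallocated when nothing qualifies, and can never move more than the key's cap.

```python
from dataclasses import dataclass

@dataclass
class PoolSnapshot:
    name: str
    apy: float                  # advertised yield, 0.03 means 3%
    utilization: float          # share of supplied liquidity currently borrowed
    oracle_deviation: float     # |oracle price - reference price| / reference
    bad_debt: float             # unbacked debt as a share of pool TVL
    admin_change_pending: bool  # an upgrade or parameter change sits in a timelock

@dataclass
class RiskBudget:               # predefined thresholds the agent may not override
    max_utilization: float = 0.90
    max_oracle_deviation: float = 0.01
    max_bad_debt: float = 0.0
    allow_pending_admin_change: bool = False

@dataclass
class SessionKey:               # smart-account session key with a spending cap
    spending_cap: float         # most the key may move in this session
    spent: float = 0.0

def reasons_to_reject(pool: PoolSnapshot, budget: RiskBudget) -> list[str]:
    """Every threshold the pool fails; an empty list means it qualifies."""
    reasons = []
    if pool.utilization > budget.max_utilization:
        reasons.append("utilization")
    if pool.oracle_deviation > budget.max_oracle_deviation:
        reasons.append("oracle_deviation")
    if pool.bad_debt > budget.max_bad_debt:
        reasons.append("bad_debt")
    if pool.admin_change_pending and not budget.allow_pending_admin_change:
        reasons.append("admin_change_pending")
    return reasons

def allocate(pools, budget, key, amount):
    """Highest-yield qualifying pool, bounded by the key's remaining cap; (None, 0.0) = hold."""
    eligible = [p for p in pools if not reasons_to_reject(p, budget)]
    moved = min(amount, key.spending_cap - key.spent)
    if not eligible or moved <= 0:
        return None, 0.0          # refuse to allocate rather than stretch the budget
    best = max(eligible, key=lambda p: p.apy)
    key.spent += moved            # the cap is enforced here, not by the pool
    return best.name, moved

SAMPLE_POOLS = [  # constructed snapshots, not live data
    PoolSnapshot("pool-a", 0.045, 0.97, 0.002, 0.0, False),  # over-utilized
    PoolSnapshot("pool-b", 0.031, 0.80, 0.004, 0.0, True),   # admin change queued
    PoolSnapshot("pool-c", 0.028, 0.75, 0.003, 0.0, False),  # qualifies
]
```

Note that the highest-APY pool is never chosen on yield alone; a pool only enters the ranking after it clears every threshold, which is what keeps the agent out of pool-a above.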

The same logic extends to insurance. Onchain coverage has been a footnote for years. Nexus Mutual, the longest-running protocol, has paid only $18.6M in claims across its entire history while crypto lost $3.4B to hacks in 2025 alone. The product has been narrow, the premiums heavy, the friction high. New constructions are starting to fix that. OpenCover's Covered Vaults stream premiums out of yield rather than billing depositors separately, and a Vaults.fyi partnership now surfaces coverage data alongside risk metrics through the same endpoint. Tools like these are great and I expect a sharp rise in insurance protocols and coverage adoption from here.
Aráoz's diagnosis is right, though a little trite. His prescription, exit everything, is certainly alarmist, though unfortunately reinforced by another exploit today. While I believe we need agents on defense and more comprehensive insurance protocols more than we need to scrap the whole system, I'm personally sidelined on DeFi and expect to be for some time.
AI is a real threat vector, but it is also one of the most powerful defensive tools we have, if used with rigor and expert human judgment.
Our researchers use AI daily to catch more issues and edge cases. The answer to AI risk is not retreat from DeFi. It is better security.
— OpenZeppelin (@OpenZeppelin) May 27, 2026