

24h Majors & Movers
BTC $75.1k ↘ 2% HYPE $60 ↘ 4%
ETH $2.1k ↘ 1% AR $2.3 ↗ 10%
SOL $84 ↘ 0% EUL $1.3 ↗ 9%



.  .  .
NEED TO KNOW
A New KYC Wave


  1. 🔮 According to The Information, Polymarket has started offering users faster trading UX if they opt into ID verification, a clear overture to regulators around the globe who have been applying increasing pressure to the prediction market platform.
  2. 🪪 Speaking of ID, Aztec Labs just acquired Obsidion, the minds behind ZKPassport, a tool that lets you prove your personal details without uploading data to an app, website, etc. The Obsidion team is staying on to develop this resource plus new products.
  3. 🧾 Jupiter launched Offerbook, a P2P fixed-term lending protocol on Solana where you can borrow against any onchain asset, including NFTs, RWAs, and more. Lenders set their rates, LTVs, and durations, while borrowers fill offers or post their own.

.  .  .
ANALYSIS
Is DeFi Safe Anymore?
Bankless Author: David Christopher
"PSA: I now consider all of DeFi unsafe.

Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.

I’ve been privately advising friends and family to exit all DeFi positions including low-risk "blue chips" like Aave, MakerDAO & Compound."

Manuel Aráoz, co-founder and former CTO of OpenZeppelin, tweeted these thoughts yesterday, and they set off uproar across the timeline.

Of course, OpenZeppelin is the firm behind the most widely used Solidity libraries and boasts one of the largest smart contract audit practices in the industry. The company has since clarified that Aráoz left in 2019 and his views don't reflect their position. Still, I fully understand where Aráoz is coming from.

Last month set a record for the most onchain exploits in crypto's history, at a pace of nearly one a day, totaling more than $625M stolen. Drift and KelpDAO took the bulk, but the smaller hits spanned the full surface: lending pools, vaults, oracles, bridges, admin controls. The attack surface keeps widening, with AI helping attackers find routes beyond smart contract bugs alone.

The Asymmetry Is Real

There's a fundamental asymmetry at play. Defenders must patch every bug. Attackers just need one.

If "supermodels" like Mythos can surface 1000s of high-severity bugs that lay dormant for decades, surviving millions of automated tests, imagine what they'll do to a language like Solidity, which has only existed for 12 years. DeFi has had less than half the time to battle-harden the language it's built on, and the tools doing the testing are getting rapidly stronger and cheaper. It only cost Mythos $50 to discover a 25-year-old bug.

The Trajectory

When Alpin Yukseloglu came on Bankless to discuss EVMBench, the Paradigm/OpenAI benchmark on smart contract vulnerabilities, he shared how they found models jumping from 12-13% detection of fund-draining bugs to above 70% with 5.3 Codex over the course of six months.

It’s been nearly three months since then and we're already at 5.5, a model so capable it prompted a mass exodus from Claude. There's no doubt it's being used for offense here, if only to some degree. And while 5.5 isn't Mythos-level, Anthropic has made clear it wants to release Mythos publicly. That likely forces OpenAI to ship its own cybersecurity model, 5.5-Cyber, in response.

AI Now Finds 70% of Smart Contract Exploits | Alpin Yukseloglu on Bankless
AI is getting dangerously good at smart contract security. Faster than crypto is ready for.

The Math Is Already Broken

It's happening less than it was, but people still treat "low-risk DeFi" products like vaults or Aave as equivalent to savings accounts. $11.8 billion sits in Morpho vaults earning 2-4% APY. Most of that capital arrived through Coinbase, Kraken, or similar interfaces.

Consider the risk-reward profile. In the vast majority of these positions, people are risking total loss on their capital to earn single-digit returns. It's no wonder the market's turned to perps and memecoins. Degenerate, sure, but the risk-reward math vastly outperforms DeFi. Even beyond AI, we have the North Korea exploit engine, which runs sophisticated attack campaigns (their D(rift)-Day "mission" built up over six months), and the math on a 3% APY vault seems comical.

Can DeFi Survive Mythos? on Bankless
The existential threats facing DeFi, the risk users are taking on, and the nascent solutions.

Tools Cut Both Ways

The case for staying is that these models cut the cost of defense as fast as they cut the cost of offense.

Agentic allocator Zyfai is a live example. Their agents flagged the Aave and KelpDAO conditions early, rebalanced into safer pools, and held capital unallocated when nothing cleared their risk thresholds. That's a company self-report, so apply the appropriate grain of salt. But the architecture is right. An agent watches live data around the clock, enforces a predefined risk budget, and refuses to allocate when conditions don't qualify, all under smart account permissioning with session keys and spending caps. That's a defensive layer humans can't match on attention or speed.
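The gating pattern described above, as an added example (not Zyfai's code): an allocator that only funds pools inside a predefined risk budget, moves funds only through a capped, expiring session key, and leaves the rest unallocated. The risk metrics, thresholds and all names here are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pool:                    # constructed snapshot of live pool data
    name: str
    apy: float                 # annualised yield as a fraction
    utilization: float         # borrowed / supplied, 0..1 (assumed metric)
    oracle_age_s: int          # seconds since last price update (assumed metric)

@dataclass(frozen=True)
class RiskBudget:              # the predefined limits the agent may not exceed
    max_utilization: float
    max_oracle_age_s: int
    max_share_per_pool: float  # cap on concentration in any single pool

@dataclass
class SessionKey:              # stands in for smart-account permissioning
    spend_cap: float           # total the agent may ever move with this key
    expires_at: int            # unix time after which the key is useless
    spent: float = 0.0

    def authorize(self, amount: float, now: int) -> float:
        """Grant at most what is left under the cap; nothing once expired."""
        if now >= self.expires_at:
            return 0.0
        granted = max(0.0, min(amount, self.spend_cap - self.spent))
        self.spent += granted
        return granted

def within_budget(p: Pool, b: RiskBudget) -> bool:
    return (p.utilization <= b.max_utilization
            and p.oracle_age_s <= b.max_oracle_age_s)

def allocate(capital, pools, budget, key, now):
    """Return (plan, unallocated). Pools outside the budget get nothing."""
    plan, remaining = {}, capital
    eligible = [p for p in pools if within_budget(p, budget)]
    for p in sorted(eligible, key=lambda p: p.apy, reverse=True):
        want = min(remaining, capital * budget.max_share_per_pool)
        got = key.authorize(want, now)
        if got > 0:
            plan[p.name] = got
            remaining -= got
    return plan, remaining     # refusing to allocate is a valid outcome

# Constructed sample data: the highest-yield pool is also the riskiest.
POOLS = [Pool("pool-a", 0.040, 0.97, 30),     # over-utilised: rejected
         Pool("pool-b", 0.030, 0.80, 20),     # passes both checks
         Pool("pool-c", 0.025, 0.60, 4000)]   # stale oracle: rejected
BUDGET = RiskBudget(max_utilization=0.90, max_oracle_age_s=600,
                    max_share_per_pool=0.5)
```

With this data the agent skips the best advertised yield, and the session key's cap, not the agent's own logic, is the final bound on what it can move.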

Agents and x402 Make DeFi Safer on Bankless
When used properly, agents can shrink DeFi’s attack surface while helping users react to live risk before it becomes damage.

The same logic extends to insurance. Onchain coverage has been a footnote for years. Nexus Mutual, the longest-running protocol, has paid only $18.6M in claims across its entire history while crypto lost $3.4B to hacks in 2025 alone. The product has been narrow, the premiums heavy, the friction high. New constructions are starting to fix that. OpenCover's Covered Vaults stream premiums out of yield rather than billing depositors separately, and a Vaults.fyi partnership now surfaces coverage data alongside risk metrics through the same endpoint. Tools like these are great and I expect a sharp rise in insurance protocols and coverage adoption from here.

Aráoz's diagnosis is right, though a little trite. His prescription, exit everything, is certainly alarmist, though unfortunately reinforced by another exploit today. While I believe we more so need agents on defense and more comprehensive insurance protocols rather than to scrap the whole system, I'm personally sidelined on DeFi and expect to be for some time. 



.  .  .
LATEST POD
The Contrarian Case for NEAR

NEAR keeps quietly showing up everywhere lately, like Infinex, Venice, Zashi, and beyond.

David wanted to understand why, so he found Sal Ternullo, CEO of SVRN, who's essentially built his whole company around the thesis that NEAR is the most underappreciated L1 in crypto right now.

The conversation gets into what "AI money" actually means as a token thesis, how NEAR Intents is capturing fee revenue in a way that's Hyperliquid-esque, and much more.

Catch the full discussion! 👇



Not financial or tax advice. Bankless content is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time we may add links in this newsletter to products we use. We may receive commission if you make a purchase through one of these links. Additionally, the Bankless team hold crypto assets. See our investment disclosures here.
