Security concerns across the decentralized finance (DeFi) ecosystem intensified this week after developers and researchers warned that artificial intelligence (AI) is accelerating the pace and sophistication of smart contract exploits.
Industry experts say AI-powered coding tools are lowering the technical barriers for attackers, enabling vulnerabilities to be identified and exploited faster than many protocols can defend against them.
Amid the growing debate, OpenZeppelin’s former co-founder and software developer Manuel Aráoz said in a widely circulated post that he now considers “all of DeFi unsafe,” arguing that AI-powered coding agents have fundamentally changed the threat landscape for blockchain applications.
“Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds,” Aráoz wrote.
He later added that he had privately advised friends and family to exit DeFi positions entirely, including exposure to major platforms such as Aave, MakerDAO, and Compound.
OpenZeppelin, which Aráoz left in 2019 and is now led by co-founder and CEO Demian Brener, responded publicly that Aráoz’s views do not represent the company’s position. In a statement on X, the firm said the answer to AI-driven security risk is continuous, AI-augmented security rather than retreat from DeFi, and reaffirmed its commitment to securing leading DeFi protocols and onchain financial institutions.
Recent DeFi attacks add to security concerns
The warnings come amid a fresh wave of exploits, phishing operations, and smart contract abuse cases affecting the broader DeFi ecosystem.
Earlier this week, fake Google advertisements impersonating Uniswap reportedly exposed users to phishing websites designed to steal wallet credentials and crypto funds.
Investigators estimated that the scam drained at least $400,000 from unsuspecting users after fraudulent ads appeared above legitimate Google search results.
In a separate incident, attackers allegedly exploited flaws tied to the WUSD.fi and GLOVE incentive system, draining roughly $200,000 from Uniswap V3 liquidity pools on Ethereum.
Security researchers at ExVul said the attackers repeatedly farmed rewards using multiple wallets to abuse weaknesses in the protocol’s incentive structure.
Smart contract complexity continues creating risks
The latest incidents have renewed industry debate around whether DeFi infrastructure can remain secure as protocols become increasingly complex and interconnected.
Leading smart contract security firm OpenZeppelin previously identified vulnerabilities linked to problematic integrations between ERC-2771 and Multicall smart contract standards, highlighting how combining multiple protocol layers can unintentionally expose systems to exploits.
Researchers warn that many DeFi applications now rely on highly composable architectures involving bridges, liquidity pools, staking systems, lending protocols, and automated reward mechanisms — significantly expanding attack surfaces for hackers.
AI-assisted exploits becoming a growing threat
Cybersecurity analysts increasingly believe AI tools are accelerating the speed at which attackers can audit contracts, discover weaknesses, automate phishing infrastructure, and simulate exploit strategies.
Unlike traditional software vulnerabilities, smart contract exploits often allow attackers to instantly drain irreversible on-chain funds once a weakness is discovered.
The rise of AI-assisted hacking tools has also heightened fears that smaller DeFi projects lacking extensive auditing resources may struggle to defend themselves against increasingly sophisticated attackers.
While major DeFi protocols continue investing heavily in audits, bug bounty programs, and formal verification systems, recent exploits show that even well-known platforms remain exposed to phishing campaigns, incentive manipulation, and contract-level vulnerabilities.
The latest warnings are likely to further intensify industry discussions around whether DeFi security standards can keep pace with the rapid advancement of AI-powered attack tools.
Update: This article has been updated to clarify that Manuel Aráoz is a former co-founder of OpenZeppelin who departed in 2019, to replace an image that incorrectly identified him, and to include a response from the company.
Also read: Gnosis Safe Users Hit by $3M Exploit Tied to Fake Token Scheme
