OpenZeppelin founder cites AI-powered vulnerability discovery as asymmetric threat to smart contract security

Manuel Aráoz, founder of OpenZeppelin, declared the entire DeFi ecosystem unsafe on May 26 following a coordinated wave of attacks that drained approximately $600,000 from liquidity pools and user wallets across Ethereum.

The attacks exploited weaknesses in two distinct systems. Attackers cycled funds through multiple wallets to repeatedly farm rewards from incentive structures on WUSD.fi and GLOVE, draining an estimated $200,000 from Ethereum liquidity pools. Simultaneously, fraudulent Google advertisements impersonating Uniswap routed users to phishing sites designed to steal wallet credentials, resulting in $400,000 in losses before the ads were flagged.

“I now consider all of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds,” Aráoz said in his public warning.

The statement reflects a fundamental imbalance in DeFi security dynamics. Modern protocols stack multiple components, including bridges, lending systems, staking mechanisms, and automated reward contracts, and each new component must be secured not only on its own but in every interaction it has with the others, so the attack surface grows far faster than the codebase. A single flaw in any layer can cascade through the entire system, yet defending against vulnerabilities requires comprehensive coverage across all layers.

The WUSD.fi and GLOVE exploits demonstrate how attackers can manipulate protocol incentive structures. Safeguards that limit how much any one address can farm treat each wallet as a distinct participant, so by moving the same capital from wallet to wallet and claiming at each stop, the attackers collected many participants' worth of rewards with a single pool of funds. The Google Ads phishing campaign operated in parallel, targeting users directly rather than protocol code, a two-pronged assault on both infrastructure and end users.
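The wallet-cycling pattern described above leaves a trail in the transfer graph, and a protocol team can hunt for it after the fact. The following is an added illustration, not code from WUSD.fi, GLOVE, or OpenZeppelin: it links wallets that move tokens directly between one another (ignoring a hypothetical allowlist of hub addresses such as an exchange deposit address and the reward pool, which would otherwise link unrelated users), totals reward claims per linked cluster, and flags any cluster that collected more than a single participant's cap. The events, addresses, and cap are constructed for the demo.

```python
"""Cluster reward-claiming wallets by fund flow and flag clusters that farmed
beyond one participant's share. Added example; heuristic, not an on-chain control."""
from collections import defaultdict

# Constructed sample events (not real chain data): (block, kind, sender, receiver, amount).
# kind is "transfer" (token moved between addresses) or "claim" (rewards paid to sender).
EVENTS = [
    (100, "transfer", "0xCEX", "0xA", 1000),   # attacker funds wallet A from an exchange
    (101, "claim",    "0xA", "0xPOOL", 50),    # A claims one wallet's worth of rewards
    (102, "transfer", "0xA", "0xB", 1000),     # the same capital moves to B
    (103, "claim",    "0xB", "0xPOOL", 50),
    (104, "transfer", "0xB", "0xC", 1000),
    (105, "claim",    "0xC", "0xPOOL", 50),
    (106, "transfer", "0xC", "0xA", 1000),     # and cycles back to A
    (107, "transfer", "0xCEX", "0xD", 1000),   # unrelated honest user, also exchange-funded
    (108, "claim",    "0xD", "0xPOOL", 50),
]

# Hypothetical allowlist of hub addresses that legitimately touch many unrelated wallets.
# Transfers to or from these are not treated as evidence of common control.
HUBS = {"0xCEX", "0xPOOL"}


class UnionFind:
    """Minimal disjoint-set structure over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_claims(events, per_wallet_cap, hubs=HUBS):
    """Return one record per cluster of transfer-linked wallets that claimed rewards.

    A cluster is flagged when its combined claims exceed what one participant
    may earn, which is the signature of one actor cycling funds through wallets.
    """
    uf = UnionFind()
    claimed = defaultdict(int)
    for _block, kind, sender, receiver, amount in sorted(events):
        if kind == "transfer" and sender not in hubs and receiver not in hubs:
            # Wallet-to-wallet capital movement is the linkage we care about.
            uf.union(sender, receiver)
        elif kind == "claim":
            claimed[sender] += amount

    by_root = defaultdict(list)
    for wallet in claimed:
        by_root[uf.find(wallet)].append(wallet)

    clusters = []
    for wallets in by_root.values():
        total = sum(claimed[w] for w in wallets)
        clusters.append({
            "wallets": sorted(wallets),
            "claimed": total,
            "flagged": total > per_wallet_cap,
        })
    return sorted(clusters, key=lambda c: c["wallets"])


if __name__ == "__main__":
    for cluster in cluster_claims(EVENTS, per_wallet_cap=50):
        print(cluster)
```

The honest wallet 0xD shares a funding source with the attacker but is never linked, because the exchange address is on the hub list; wallets 0xA, 0xB, and 0xC are linked by the cycling transfers and together claimed three times the cap. Legitimate users who pay each other will also be linked, so this is an investigative heuristic for prioritising review, not something to enforce automatically.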

OpenZeppelin and other security firms have previously identified vulnerabilities arising from interactions between smart contract standards. The firm documented a vulnerability stemming from the interaction between the ERC-2771 and Multicall patterns: an ERC-2771 trusted forwarder appends the original sender's address to the calldata, and ERC2771Context's _msgSender() reads it from the last 20 bytes whenever the forwarder is the caller; Multicall, meanwhile, delegatecalls each batched sub-call with caller-supplied calldata while msg.sender stays the forwarder, so a sub-call could carry an arbitrary address in its last 20 bytes and impersonate any account. Each component is sound on its own; the exploitable gap appears only when they are combined.
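To make that interaction concrete, here is a plain-Python model written for this article. It is not OpenZeppelin's code: it stands in a toy 4-byte selector encoding for the real ABI, uses fake fixed addresses, and models the patched Multicall as one that appends the forwarder's sender suffix to every sub-call, which is the shape of the fix rather than its exact code. The vulnerable path lets Mallory move Alice's balance; the patched path and a direct, unbatched attempt both fail.

```python
"""Plain-Python model of the ERC-2771 / Multicall interaction. Added illustration,
not OpenZeppelin code; toy encoding and fake addresses throughout."""

ADDR_LEN = 20                 # EVM addresses are 20 bytes


def addr(label: str) -> bytes:
    """Hypothetical helper: a deterministic fake 20-byte address for the demo."""
    return label.encode().ljust(ADDR_LEN, b"\0")[:ADDR_LEN]


FORWARDER = addr("forwarder")
ALICE = addr("alice")         # victim
MALLORY = addr("mallory")     # attacker


class Token:
    SEL_TRANSFER = b"xfer"    # 4-byte stand-ins for ABI function selectors
    SEL_MULTICALL = b"mcal"

    def __init__(self, balances, patched_multicall):
        self.balances = dict(balances)
        self.patched_multicall = patched_multicall

    def _msg_sender(self, msg_sender, calldata):
        # ERC2771Context._msgSender(): when the trusted forwarder is msg.sender,
        # the real sender is whatever sits in the last 20 bytes of calldata.
        if msg_sender == FORWARDER and len(calldata) >= ADDR_LEN:
            return calldata[-ADDR_LEN:]
        return msg_sender

    def call(self, msg_sender, calldata):
        """External entry point: dispatch on selector, like the EVM dispatcher."""
        sel = calldata[:4]
        if sel == self.SEL_TRANSFER:
            return self._transfer(msg_sender, calldata)
        if sel == self.SEL_MULTICALL:
            return self._multicall(msg_sender, calldata)
        raise ValueError("unknown selector")

    def _transfer(self, msg_sender, calldata):
        # transfer(address to, uint64 amount): fixed offsets, trailing bytes ignored,
        # just as ABI decoding ignores extra calldata after the declared arguments.
        to = calldata[4:4 + ADDR_LEN]
        amount = int.from_bytes(calldata[4 + ADDR_LEN:4 + ADDR_LEN + 8], "big")
        sender = self._msg_sender(msg_sender, calldata)
        if self.balances.get(sender, 0) < amount:
            return False
        self.balances[sender] = self.balances.get(sender, 0) - amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True

    def _multicall(self, msg_sender, calldata):
        # multicall(bytes[] data), toy layout: count(1 byte), then [len(2 bytes) + bytes]*
        suffix = b""
        if self.patched_multicall and msg_sender == FORWARDER:
            # Patched shape: carry the forwarder's appended sender into every sub-call,
            # so the genuine context, not attacker bytes, is what _msg_sender reads last.
            suffix = calldata[-ADDR_LEN:]
        count = calldata[4]
        pos, results = 5, []
        for _ in range(count):
            n = int.from_bytes(calldata[pos:pos + 2], "big")
            sub = calldata[pos + 2:pos + 2 + n]
            pos += 2 + n
            # delegatecall: msg.sender is unchanged, the sub-call bytes become calldata
            results.append(self.call(msg_sender, sub + suffix))
        return results


def forward(token, real_sender, calldata):
    """ERC-2771 forwarder: appends the signer's address, then calls the target."""
    return token.call(FORWARDER, calldata + real_sender)


def encode_transfer(to, amount):
    return Token.SEL_TRANSFER + to + amount.to_bytes(8, "big")


def encode_multicall(subcalls):
    body = bytes([len(subcalls)])
    for s in subcalls:
        body += len(s).to_bytes(2, "big") + s
    return Token.SEL_MULTICALL + body


def run_attack(patched_multicall):
    """Mallory batches a transfer with Alice's address appended; returns final balances."""
    token = Token({ALICE: 100, MALLORY: 0}, patched_multicall)
    spoofed = encode_transfer(MALLORY, 100) + ALICE   # Mallory appends the victim herself
    forward(token, MALLORY, encode_multicall([spoofed]))
    return {"alice": token.balances[ALICE], "mallory": token.balances[MALLORY]}


def run_direct_spoof():
    """Without Multicall the forwarder's own suffix lands last, so the spoof fails."""
    token = Token({ALICE: 100, MALLORY: 0}, patched_multicall=False)
    forward(token, MALLORY, encode_transfer(MALLORY, 100) + ALICE)
    return {"alice": token.balances[ALICE], "mallory": token.balances[MALLORY]}


if __name__ == "__main__":
    print("vulnerable:", run_attack(False))
    print("patched:   ", run_attack(True))
    print("direct:    ", run_direct_spoof())
```

The direct case shows why neither piece is exploitable alone: the forwarder always writes the real signer into the final 20 bytes. Multicall breaks that invariant by turning attacker-chosen sub-call bytes into a fresh calldata whose last 20 bytes the attacker controls, while msg.sender is still the trusted forwarder.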

Major DeFi platforms including Aave, MakerDAO, and Compound have increased investment in audits, bug bounty programs, and formal verification in recent years. These defenses have not fully closed the door on phishing attacks and incentive manipulation schemes, however. Aráoz reportedly advised friends and family to withdraw funds from these platforms in private communications.

The attacks underscore a structural weakness in DeFi's security model: it is asymmetric. Defenders must identify and patch every possible flaw; attackers need only one. As AI-powered coding agents accelerate the pace of vulnerability discovery, that asymmetry grows sharper.