Confidence in decentralized finance has taken another hit after Manuel Aráoz, co-founder of crypto security firm OpenZeppelin, publicly stated that he no longer considers any part of the sector safe. His warning comes at a time when losses from exploits have surged and attackers continue to outpace defensive measures.

In a post published Tuesday on X, Aráoz said he has already taken a personal stance on the issue.

“I’ve been privately advising friends and family to exit all DeFi positions, including low-risk ‘blue chips’ like Aave, MakerDAO & Compound,” he wrote. His comment did not target fringe protocols alone. It extended to platforms that many users treat as relatively stable within the ecosystem.

Aráoz described a growing imbalance between attackers and developers responsible for securing smart contracts. “Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric,” he said. “Defenders need to fix every bug while attackers need just one exploit to steal funds.” His remarks point to a structural weakness rather than isolated failures.

April records worst DeFi losses in over a year

The warning follows one of the most damaging months for DeFi security since early 2025. Data from DefiLlama shows that approximately $634.85 million was stolen from DeFi protocols in April alone. This marks the highest monthly loss since February 2025, when the Bybit hack resulted in roughly $1.5 billion in damages.

DeFi hacks in April. Source: DefiLlama

Two large-scale incidents accounted for the majority of April’s losses. Drift Protocol lost about $270 million after attackers executed a social engineering scheme that lasted six months. The breach did not rely on a simple coding flaw. It involved prolonged manipulation that allowed access to critical systems.

Kelp DAO suffered another major exploit worth around $293 million. The attack targeted vulnerabilities in its cross-chain bridge infrastructure. Investigators and security researchers have widely linked both incidents to North Korea’s state-backed hacking groups, though attribution in such cases remains complex.

DefiLlama recorded 27 separate exploit incidents during the month. The scale and frequency of attacks reflect persistent weaknesses across multiple layers of DeFi infrastructure. Bridge systems, privileged access points, and operational processes have all emerged as common entry points for attackers.

Total value locked declines as pressure builds

The impact of repeated breaches has started to show in capital flows. Total value locked across DeFi protocols dropped by about 14% since mid-April. It fell from nearly $172 billion to around $148 billion within a short period. The decline signals reduced user confidence rather than routine market fluctuation.

Losses did not remain limited to the largest exploits. Smaller incidents continued to affect a wide range of projects. Wasabi Protocol reported losses of roughly $5.5 million across several networks, including Ethereum, Base, Blast, and Berachain, during an active exploit.

Sweat Economy faced a rapid attack that drained nearly 65% of its liquidity pool in under 30 seconds, resulting in losses of about $3.46 million. The project later confirmed that part of the stolen funds had been frozen on MEXC while recovery efforts continued.

On the Sui blockchain, Aftermath Finance lost close to $1.1 million in USDC from its perpetuals platform. Blockchain security firm Blockaid reported that the attacker executed 11 transactions over approximately 36 minutes. The sequence showed a calculated approach rather than random exploitation.

Exploits continue into May at lower scale

May has not reached the same level of losses seen in April, but incidents have not stopped.

Among recent cases, Verus Network’s Ethereum bridge suffered an exploit worth $11.6 million. The attack again highlighted persistent risks tied to cross-chain infrastructure. These systems often introduce additional complexity, which increases the potential attack surface.

Security concerns shift from code to systems

The recent wave of incidents shows a shift in how attacks occur. Early DeFi exploits often relied on direct coding errors. Recent cases show a broader pattern that includes social engineering, key management failures, and bridge vulnerabilities.

Aráoz’s warning reflects this shift. His argument does not focus on a single protocol or bug class. It centers on the difficulty of defending a system where attackers require only one successful entry point. Developers, in contrast, must secure every possible weakness across code, infrastructure, and human processes.

This imbalance continues to shape the current risk environment in DeFi. While innovation in the sector remains active, the security model faces increasing pressure from more sophisticated and persistent attackers.
