- Manuel Aráoz warned investors against holding DeFi positions amid rising exploit threats.
- DeFi protocols recorded nearly $630 million losses during April exploit incidents.
- Declining DeFi total value locked reflected weakening investor confidence across protocols.
Manuel Aráoz, co-founder of OpenZeppelin, has warned that decentralized finance no longer provides a safe environment for investors, revealing that he has already advised friends and family members to withdraw all DeFi-related positions despite the presence of established protocols that many users still consider relatively secure. According to statements Aráoz shared on X, his concerns extend beyond smaller platforms and also include exposure to recognized lending protocols such as Aave, MakerDAO, and Compound, which have traditionally maintained stronger reputations within the decentralized finance sector.
Aráoz explained that the rapid advancement of automated coding agents has significantly shifted the balance between attackers and developers because these systems can identify vulnerabilities at a speed that security teams increasingly struggle to match, thereby creating an environment where exploit risks continue expanding across multiple protocols.
Additionally, according to Aráoz, smart contract security remains heavily asymmetric because protocol developers must eliminate every possible vulnerability before deployment, while attackers only require one successful exploit to drain millions of dollars from affected platforms within minutes. His warning emerged during a period where decentralized finance protocols continue experiencing repeated security incidents involving cross-chain bridges, lending systems, and internal wallet operations, despite increased spending on audits and infrastructure upgrades throughout the sector.
Also Read: Alert: XRP Open Interest Surges to 79M Across Major Exchanges Amid Price Stall – What This Means
Major Exploits Continue Weakening Confidence Across DeFi Platforms
According to DeFiLlama data, decentralized finance protocols recorded nearly $630 million in exploit-related losses during April through 27 separate security incidents, making it the sector’s worst month for hacks since the $1.5 billion Bybit breach that occurred earlier this year.
Among the largest incidents reported during the month, hackers exploited Drift through a social engineering campaign that reportedly lasted for six months before attackers successfully drained more than $285 million from the protocol’s infrastructure. Moreover, attackers targeted a cross-chain bridge vulnerability connected to Kelp DAO, resulting in losses approaching $293 million and further increasing concerns surrounding bridge security across decentralized finance ecosystems.
Reports linked both exploits to North Korean state-backed hacking groups, while the repeated scale of these incidents increased concerns surrounding whether current DeFi security models remain capable of handling increasingly sophisticated attacks. The broader decentralized finance market has also reflected weakening investor confidence because total value locked across protocols declined from nearly $172 billion in mid-April to roughly $148 billion within recent weeks as exploit activity continued rising.
May has continued showing similar security challenges, although reported losses remained smaller, with Verus Network confirming an Ethereum bridge exploit worth approximately $11.6 million while Polymarket acknowledged a separate $573,200 breach connected to a possible private key compromise involving internal wallet operations.
Conclusion
Aráoz’s warning has added to growing concerns surrounding decentralized finance security as repeated exploit incidents continue affecting both major protocols and smaller platforms, while declining total value locked figures suggest investors remain increasingly cautious despite ongoing attempts to strengthen security protections across the sector.
Also Read: Ripple Engineer Reveals XRPL Security Advantage After $3M Wallet Exploit
