Crypto security concerns have intensified after OpenZeppelin co-founder Manuel Aráoz said he has advised friends and family to exit all decentralized finance positions, including exposure to major lending protocols.
Summary
- OpenZeppelin co-founder Manuel Aráoz said he has advised friends and family to exit all DeFi positions, including exposure to Aave, MakerDAO, and Compound.
- DeFi protocols lost nearly $630 million to hacks in April, with Drift and Kelp DAO accounting for most of the monthly losses.
- Total value locked across the DeFi market has fallen roughly 14% since mid April as exploit incidents continued into May.
In a post published Tuesday on X, Aráoz said he no longer considers “all of DeFi” safe, arguing that the balance between attackers and defenders has tilted too far in favor of hackers. Even lower-risk positions tied to established protocols such as Aave, MakerDAO, and Compound were included in his warning.
Describing the current state of smart contract security, Aráoz said coding agents have become “superhuman at finding vulnerabilities,” while developers remain trapped in a system where “defenders need to fix every bug while attackers need just one exploit to steal funds.”
“I’ve been privately advising friends and family to exit all DeFi positions, including low-risk “blue chips” like Aave, MakerDAO & Compound,” he added.
Aráoz’s comments arrived as the crypto industry continues dealing with one of the most damaging periods for DeFi exploits since the $1.5 billion Bybit hack in February 2025.
DeFi exploits cross $600 million in April
Data from DefiLlama showed that roughly $629.7 million was stolen from DeFi protocols in April alone, making it the worst month for crypto-related hacks in more than a year. Two attacks accounted for most of the losses.
Among the largest incidents, Drift Protocol lost about $285 million after attackers reportedly used a social engineering campaign that lasted six months.
Kelp DAO suffered another $293 million exploit tied to vulnerabilities in its cross-chain bridge infrastructure. Security researchers and blockchain investigators have widely linked both attacks to North Korean state-backed hacking groups.
DefiLlama recorded 27 DeFi exploit incidents during April. At the same time, the total value locked across DeFi protocols dropped about 14% from mid-April levels, falling from nearly $172 billion to around $148 billion.
The concentration of losses came largely from bridge-related weaknesses, privileged access failures, and operational mistakes instead of isolated coding bugs alone.
Outside the two largest breaches, several smaller attacks continued to hit protocols through the month. As previously reported by crypto.news, Wasabi Protocol lost roughly $5.5 million across Ethereum, Base, Blast, and Berachain networks during an active exploit.
Move-to-earn platform Sweat Economy also reported losses of about $3.46 million after attackers drained nearly 65% of its liquidity pool in under 30 seconds. The project later said some of the stolen assets had been frozen on MEXC while recovery efforts continued.
Meanwhile, on the Sui blockchain, decentralized trading platform Aftermath Finance lost nearly $1.1 million in USDC from its perpetuals platform. Blockchain security firm Blockaid said the attacker carried out 11 transactions over approximately 36 minutes.
Smaller attacks continue in May
Although May has not produced losses on the scale seen in April, security incidents have continued across the DeFi sector.
Among the latest cases, Verus Network’s Ethereum bridge was exploited for $11.6 million. Prediction market platform Polymarket also disclosed a $573,200 breach last week that the company said may have involved a compromised private key tied to an internal top-up wallet.
