Chris Skinner's blog

Shaping the future of finance

When crypto fails, hackers win

For years, Decentralised Finance (DeFi) has sold itself as the future of finance: transparent, decentralised, unstoppable. Now one of the most respected security figures in crypto is saying: get out whilst you still can.

Manuel Aráoz, co-founder of OpenZeppelin, believes AI has fundamentally changed the security equation in decentralised finance, and his latest warning is brutal: AI coding agents are now becoming so powerful at discovering vulnerabilities that even the best DeFi protocols are no longer defensible.

That matters because OpenZeppelin is not some random critic throwing stones from outside the industry. They helped build the security standards the industry relies upon. When someone from inside the engine room starts warning friends and family to leave even supposedly “safe” protocols like Aave, MakerDAO and Compound, people should pay attention.

The logic is terrifyingly simple. Defenders must secure every single line of code. Attackers only need one mistake, and AI massively amplifies that imbalance.

What once took elite hackers weeks is now taking autonomous agents minutes.

Every smart contract becomes a permanent public target, sitting on the internet like a vault with transparent walls, whilst AI systems relentlessly search for microscopic cracks.

The thing is that this is not just in crypto. It is also in banking. It is why the UK and US governments called in all the leading bankers to talk about Claude’s Mythos, after it was found and reported that it could identify thousands of high-severity vulnerabilities in major banking systems in minutes.

In banking and in crypto, security and AI are meeting head-to-head.

In crypto trading, this is even more of an issue because it is happening whilst the industry is already bleeding hundreds of millions of dollars. More than $750 million reportedly vanished in crypto exploits in April alone.

Source: https://cryptonews.net/news/security/32788977/

Some hacks involved smart contract flaws. Others involved social engineering, compromised keys, governance exploits and sophisticated state-backed operations linked to groups like Lazarus Group, a state-sponsored hacker group alleged to be run by the government of North Korea.

The point is not where the weakness lies. The point is that the attack surface is exploding faster than the industry can defend it.

This is the uncomfortable truth crypto enthusiasts do not like discussing: decentralisation does not eliminate risk. In many cases, it removes the safety nets. There is no fraud department to call. No ombudsman. No chargeback. No central authority reversing the transaction because your life savings disappeared into a wallet controlled by a teenager, a criminal syndicate or an AI agent running attack scripts at machine speed.

Meanwhile, AI is not standing still. Every improvement in autonomous coding, vulnerability discovery and system analysis strengthens the attackers as much as the defenders. Possibly more.

That does not mean DeFi dies tomorrow. Bitcoin and Ethereum are not disappearing. Nor are the large protocols suddenly collapsing overnight. But it may mean the romantic era of “trust the code” is ending because, increasingly, the code may no longer be trustworthy. Or more accurately, no human may fully understand whether it is trustworthy anymore.

That is the real fear here.

AI is turning cyber security into an industrialised intelligence war and much of DeFi still looks like a giant, permanently open casino sitting in the middle of it.

 


Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, TheFinanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal's Financial News.