
DeFi's confidence trade is fraying after April's exploit run

DeFi security is turning into a capital-markets problem as April's $630 million exploit wave pushes investors to question blue-chip protocols.

By Caleb Mwangi, 7 min read
Crypto market screens and digital security imagery illustrating DeFi risk after April's exploit wave

OpenZeppelin co-founder Manuel Aráoz said he now considers “all of DeFi” unsafe, an unusually blunt warning from a founder whose firm sells security to the sector. The comment followed April’s exploit wave, which stripped about $630 million from decentralized-finance protocols across 27 cases, and a 14 per cent slide in sector-wide total value locked (TVL) from mid-April to roughly $148 billion, according to The Block’s reporting on TVL flows. It also came from inside OpenZeppelin, a firm that still sells itself as a critical line of defence for onchain finance.

Markets care less about one founder sounding alarmed than about what that alarm says about capital formation. Repeated losses are starting to price DeFi less as a yield machine and more as a confidence trade. Once money starts leaving before a blue-chip protocol itself breaks, investors are passing judgement on the full stack around it: bridges, multisigs, governance permissions, third-party modules and developer tooling.

That context makes the remark harder to dismiss as social-media theatre. Earlier this month, the same firm launched an AI-powered Continuous Security Program and still brands itself as “the security standard for onchain finance”. A warning from that position suggests the risk model is getting harder to defend, even for a company selling defence.

“Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric.”
Manuel Aráoz, OpenZeppelin co-founder, via The Block

Scepticism still belongs near the top of the story. “All of DeFi” is too broad if the latest failures are clustered where code meets operations. A KelpDAO bridge exploit, the StablR multisig breach that minted $13.5 million in unbacked tokens, and the third-party Squid module exploit that drained about $3.2 million from 86 Safes are different failures. Together, though, they point to the same market problem: capital has to trust far more than audited core lending code.

What the exploit tape is saying

TVL tells only part of the story. Asset prices moved as well, so some of that 14 per cent decline will be market beta rather than outright withdrawals. Still, the timing around the KelpDAO shock and the persistence of softer risk appetite suggest more than mark-to-market noise. Money is asking for a wider risk premium before it returns to protocols whose security story depends on a long chain of counterparties and privileged actors.

Crypto market screens showing price charts and liquidity data as DeFi risk appetite retreats.

Aráoz reportedly singled out blue-chip names such as Aave, MakerDAO and Compound as places he would now exit. That does not mean those protocols are suddenly broken. In DeFi, blue-chip status no longer rests only on whether a core smart contract survived an audit. It now depends on whether users believe the broader operating stack around that contract can absorb the next bridge failure, signer compromise or module exploit without triggering forced exits.

April therefore looks less like an isolated bad month and more like another test of how much patience DeFi depositors still have. The sector has survived hacks before. This time, the tone is darker because size, frequency and a widening attack surface are arriving together, just as tooling improves for attackers. If defensive teams must keep every permission set, dependency and upgrade path clean while attackers need only one overlooked weakness, capital will keep demanding a discount.

“Defenders need to fix every bug while attackers need just one exploit to steal funds.”
Manuel Aráoz, OpenZeppelin co-founder, via The Block

Outflows may reverse if token prices recover and no fresh incident lands. Even so, the burden of proof has shifted. DeFi can no longer rely on the old assumption that users will treat each exploit as protocol-specific bad luck and come back for yield two weeks later.

Why the attack surface is getting harder to price

From a builder’s perspective, the pattern is narrower and more revealing. Many of the nastiest losses this year have not come from a textbook bug in a flagship lending market. They have come from connective tissue: bridge infrastructure at KelpDAO, multisig control at StablR and module-level permissions in Squid’s Safe-related incident. The lesson is not simply that audits failed. It is that audits may be solving a narrower problem than the market assumes.

Whiteboard sketch of crypto architecture and security workflow, illustrating how DeFi risk extends beyond core smart-contract code.

Meanwhile, the threat backdrop is not standing still. The Register recently reported on AI agents being used in sanctions-evasion and crypto-linked operations tied to North Korean actors, a reminder that DeFi teams are not defending only against opportunistic code scavenging from small operators.

Investors care because DeFi still collapses several risk buckets into one trade. In equities, they can separate product risk from treasury risk, governance risk or cyber risk, then decide what multiple to pay. In DeFi, a failure in any one of those layers can freeze liquidity or erase confidence quickly. A protocol may have pristine immutable contracts and still be one weak signer set away from a ruinous week.

There is also an awkward commercial angle. OpenZeppelin is warning that the attack environment has turned structurally harsher while also marketing a faster, AI-assisted defence model. That is not a contradiction, but it is not neutral either. The market should hear the warning because OpenZeppelin sees exploit traffic up close. It should also hear the subtext: the more DeFi feels uninsurable through traditional audits alone, the more demand shifts toward continuous monitoring, simulation and response.

Traditional finance has seen versions of that shift before. When a market stops believing legacy controls are enough, spending migrates from prevention to surveillance. In crypto, that could mean a move from point-in-time audits toward permanently staffed security operations, stricter signer design, narrower permissions, slower upgrades and less tolerance for composability that cannot be monitored in real time. Those steps could improve resilience. They could also make the sector less open, less fast and less profitable.

What policy and capital are likely to hear next

Washington and other policy circles will hear something broader in this tape. Repeated DeFi breaches make it easier to argue that onchain finance needs stronger operational rules before it deserves wider distribution. That line is already visible as groups push regulated structures such as Plume’s licensed onchain vault manager while central banks, including through the Bank of England’s recent tokenization and stablecoin framing, keep sketching futures in which smart contracts matter but permissions and safeguards matter more.

Allocators face a simpler question. The hurdle rate for re-entering DeFi has risen. Fresh money does not only need a view on Ether, stablecoin liquidity or emissions. It now needs a view on whether the operational perimeter around major protocols is finally becoming legible enough to trust. That is a tougher ask after a month in which losses ran to $630 million and 27 exploit cases before May had offered much relief.

A bullish reading is that blue-chip DeFi survives exactly because the market is getting stricter. Weaker structures lose deposits, stronger ones absorb the discipline, and the sector emerges with more credible controls. The bearish reading is that every new exploit teaches users that “blue chip” in DeFi still describes a protocol’s brand more reliably than it describes the safety of the full stack around it.

Aráoz’s warning matters because it crystallises that tension. The immediate headline is a founder saying the quiet part out loud. The deeper market story is that DeFi security has become inseparable from DeFi demand. Until the sector can make trust scale faster than attack sophistication, each new exploit will hit confidence first and token prices second.


Caleb Mwangi

Crypto correspondent covering bitcoin, ether, altcoins and on-chain markets. Reports from Singapore.
