His comments came after nearly $630 million was stolen from DeFi protocols in April alone. Major incidents included a $285 million Drift exploit and a $293 million Kelp DAO attack, both reportedly linked to North Korean hacking groups. DefiLlama recorded 27 DeFi exploit incidents in April. The trend continued into May with 25 additional exploit cases.
DeFi Security Fears Grow
The concerns around decentralized finance (DeFi) security intensified this week after OpenZeppelin co-founder Manuel Aráoz declared that he now considers “all of DeFi” unsafe. In a post that was shared on X on Tuesday, Aráoz revealed that he personally advised friends and family to exit all DeFi positions, including investments in major “blue chip” protocols like Aave, MakerDAO, and Compound.
Aráoz argued that the balance between attackers and defenders in the DeFi industry has become uneven, especially with the rise of AI-powered coding agents that can discover vulnerabilities in smart contracts. According to him, defenders are forced to secure every possible weakness in a protocol, while attackers only need to identify a single flaw to drain millions of dollars.
Almost $630 million was stolen from DeFi protocols in April alone, which made it the worst month for DeFi-related hacks since the massive Bybit exploit in February of 2025, where attackers stole around $1.5 billion. April’s losses were driven largely by two major attacks.
One of the biggest incidents involved a $285 million exploit targeting Drift, which was reportedly the result of a sophisticated six-month social engineering campaign. Another major attack struck Kelp DAO, where hackers exploited vulnerabilities tied to the project’s cross-chain bridge infrastructure and stole roughly $293 million.
Security researchers and blockchain analysts attributed both attacks to North Korean state-backed hacking groups, which have focused on the cryptocurrency industry as a source of illicit funding. According to DefiLlama data, there were 27 separate DeFi exploit incidents recorded during April.
Total value hacked by month (Source: DeFiLlama)
Investor confidence in decentralized finance also seems to be weakening due to security risks. Total value locked (TVL) across DeFi protocols dropped by approximately 14% since mid-April, falling from around $172 billion to roughly $148 billion. The decline suggests that some users may already be withdrawing funds from decentralized platforms thanks to the growing fears over protocol safety.
The trend continued into May, with another 25 DeFi exploit incidents already reported so far this month, although the financial losses have been smaller compared to April’s massive breaches. Among the incidents was an $11.6 million exploit involving Verus Network’s Ethereum bridge. Meanwhile, prediction market platform Polymarket recently confirmed a separate $573,200 security breach that may have stemmed from a compromised private key connected to an internal operational wallet.
