Concerns Over Decentralized Finance (DeFi) Safety
Concerns regarding the safety of decentralized finance (DeFi) have surged following remarks from Manuel Aráoz, co-founder of OpenZeppelin. In a recent statement shared on social media platform X, Aráoz urged his close contacts to divest from all DeFi investments, warning that even well-known protocols like Aave, MakerDAO, and Compound are not exempt from risk.
Shifting Balance of Power
Aráoz offered a grave assessment of the current DeFi landscape, claiming that the balance between cybercriminals and defenders has shifted in favor of attackers. He said that coding experts have become exceedingly adept at detecting vulnerabilities, while developers are burdened with the responsibility of securing every flaw.
This asymmetry makes the entire ecosystem perilous; attackers require only a single exploit to compromise funds.
Recent Exploits and Financial Losses
His warnings come amid a significant uptick in exploits targeting DeFi platforms, particularly after a series of major breaches, including the notorious Bybit hack that resulted in $1.5 billion in losses in February 2025. April proved to be especially devastating, with DefiLlama reporting that approximately $629.7 million was siphoned from DeFi protocols, marking it as the most catastrophic month for crypto hacks in over a year.
Significant incidents during this time included:
- Drift Protocol attack: A staggering $285 million vanished, with perpetrators allegedly employing social engineering tactics over a prolonged period.
- Kelp DAO breach: Lost $293 million due to vulnerabilities in its cross-chain bridge.
Experts have linked these attacks to North Korean hacking groups.
Impact on DeFi Value
The number of breaches rose sharply in April, hitting 27 incidents, which contributed to a decline of about 14% in the total value locked in DeFi protocols—from nearly $172 billion to approximately $148 billion. The security flaws mainly stemmed from bridge vulnerabilities and operational mishaps rather than isolated coding issues.
Smaller Exploits and Ongoing Risks
Additionally, various smaller exploits unfolded throughout the month, including:
- Wasabi Protocol: Lost around $5.5 million across multiple blockchains including Ethereum and Base.
- Sweat Economy platform: Reported a loss of about $3.46 million after a swift attack that drained a majority of its liquidity in under half a minute.
Recovery efforts led to some stolen assets being frozen on MEXC.
In another incident, Aftermath Finance, a trading platform on the Sui blockchain, experienced a breach in which nearly $1.1 million worth of USDC was lost through a rapid series of 11 transactions. Blockchain security firm Blockaid said it detected the exploit, which was attributed to a flaw in the platform’s operations.
Continued Vigilance Required
Although the beginning of May has seen comparatively fewer high-profile losses, incidents continue to emerge in the DeFi space, including a recent $11.6 million exploit on Verus Network’s Ethereum bridge and a $573,200 breach on prediction market platform Polymarket, involving a potentially compromised internal wallet key. The DeFi sector remains on high alert as the ramifications of these security breaches unfold and potentially erode investor confidence.