Overview
- OpenZeppelin co‑founder Manuel Aráoz said he now considers all of DeFi unsafe and has privately advised friends and family to pull out of DeFi positions.
- Data show roughly $629.7 million was stolen from DeFi protocols in April, with KelpDAO, Drift and Euler reporting the largest single losses.
- OpenZeppelin published a May 12 framework called the Four Layers of DeFi Risk that says audits alone are not enough and recommends continuous monitoring, bug bounties, formal verification of critical code, and insurance.
- Investigators say attackers are using automated AI coding tools to find exploits faster than human auditors can fix them, and several large breaches have been linked to state‑backed actors and to failures in cross‑chain bridges and privileged operational accounts.
- The exploit wave has pushed total value locked down about 14% since mid‑April and prompted capital flight and tighter due diligence, which could shrink DeFi liquidity and push projects to adopt layered,always‑on security measures.