‘Not a good take’ – AAVE’s founder rejects ‘all DeFi is unsafe’ warning

DeFi security is back in the headlines after OpenZeppelin’s founder, Manuel Aráoz, claimed that the entire sector is unsafe. The issue has now sharply divided the community. 

Stani Kulechov, the founder of leading DeFi lending protocol Aave, is the latest figure to dismiss Aráoz’s comment. He said, 

Not a good take. DeFi infra today is materially more resilient than in prior cycles (partially also thanks to AI).

AD

Earlier in the week, Aráoz said he considers “all of DeFi unsafe,” citing the improving offensive capabilities of AI-powered cybersecurity agents that can swiftly crack smart contracts and protocols. 

According to him, the threat has led him to advise his friends and family to exit all DeFi positions, including Aave, MakerDAO, and Compound. 

However, Aave’s Kulechov countered that AI has also improved DeFi tooling, risk engines, and other areas. He retorted that, 

DeFi is constantly evolving, but pretending the industry hasn’t matured significantly or that AI is only a net negative for DeFi security is simply not true.

OpenZepplin distances itself from founder’s DeFi warning

Notably, OpenZeppelin is a leading blockchain security firm, best known for automating on‑chain financial transactions. It was therefore unsurprising that a comment from its founder sparked such a wide and heated debate.

But does that mean OpenZeppelin can’t defend against such threats? Is it also unsafe to use the product? Interestingly, the firm distanced itself from its founder’s remarks following pressure from the public. 

Sam MacPherson, co-founder of Sky (formerly MakerDAO), echoed Kulechov’s stance and noted, 

Most of the recent major hacks have been opsec issues. Smart contracts of blue chips are quite safe these days.

In fact, some analysts claimed that less than 10% of 2025 DeFi hacks were due to codebase issues. They noted that the majority of the exploits were linked mostly to bad parameter configuration and poor operational security (opsec). 

But Aráoz countered that coding agents are superhuman at cracking these vulnerabilities too. On a year-on-year (YoY) basis, about $1.45 billion has been stolen from the DeFi sector. 

And over 50% of the exploits were tied to bridged exploits, compromised admin, and private keys. So, both sides of the debate are right. 

That said, DeFi exploits, contagion fears, and crypto winter have triggered $45 billion in capital outflows in 2026. The DeFi total locked value (TVL) has since dropped 35% to $80 billion. 

Final Summary

• OppenZeppelin founder Manuel Aráoz sparked debate after warning that “all DeFi is unsafe” and users should exit positions. 
• Aave founder and other industry leaders pushed back against his claims, noting that DeFi infrastructure has improved despite the rising exploit risks.