OPN Intel
LIVE
BTC$76,620MAYER0.95×200W1.25×PI-CYCLE38%DRAWDOWN-39%PUELL0.81×W-RSI45BMSB0.97×
AS OF 2026-05-24
Threats· May 27, 2026· 5 min read

AI Finds DeFi Exploits for $1.22 in Compute

Manuel Aráoz, co-founder of OpenZeppelin, warned May 27 that he now considers all of DeFi unsafe. AI coding agents have become superhuman at finding smart contract vulnerabilities, and the economics are one-sided: the average cost for an AI agent to exhaustively scan a contract is $1.22, while the potential exploit revenue those agents can generate has been doubling every 1.3 months. In the past 12 months, more than $1.1 billion has been drained from DeFi protocols, and DeFi total value locked (TVL) has declined $20 billion in 2026 alone. Aráoz's core asymmetry: defenders must find and fix every bug in every contract they deploy, and they must do it faster than AI agents that never sleep, while attackers need just one. The OPNorange thesis: the self-custody stack has no smart contract attack surface for AI to exploit. Private keys to native BTC cannot be drained by any auditing agent because there is no contract code to audit.

Key takeaways

  1. Manuel Aráoz, co-founder of OpenZeppelin, stated May 27, 2026 that he now considers all of DeFi unsafe, citing AI coding agents that have become superhuman at finding smart contract vulnerabilities. His core asymmetry argument: coding agents can scan every public contract continuously, defenders must fix every bug in every contract they deploy, and attackers need just one working exploit to drain funds. OpenZeppelin audits major DeFi protocols including Aave, Compound, MakerDAO, Uniswap, and Coinbase, making the warning credible rather than speculative
  2. Research from Anthropic's safety team established that the average cost for an AI agent to exhaustively scan a smart contract for known vulnerability classes is $1.22. Exploit capability has been doubling approximately every 1.3 months, and token costs are declining roughly 23% every 2 months. In 1 year, AI agents went from successfully exploiting 2% of known-vulnerable contracts to 55.88%, and the potential exploit revenue they can generate increased from $5,000 to $4.6 million. A Binance research report found AI 2x better at exploiting contracts than at detecting vulnerabilities, meaning offense is outrunning defense on the same tool
  3. The $1.1 billion lost from DeFi protocols in the past 12 months is the empirical record against which Aráoz's warning is set. April 2026 was the worst single month: $630 million drained across 27 documented exploit incidents. The April 18 Kelp DAO bridge exploit alone drained $292 million (116,500 rsETH) in 1 attack. The Kelp protocol had been audited before deployment. DeFi TVL has declined $20 billion in 2026, and the decline predates today's warning
  4. DeFi's open-source architecture is structurally asymmetric in ways AI amplifies. Every smart contract that governs a DeFi protocol is publicly readable on-chain. Defenders and attackers have access to the same code. AI auditing tools cost both sides $1.22 to run. What is not equal is the win condition: defenders must correctly identify and patch every exploitable bug across every function and every cross-contract interaction, while attackers need just one. OpenZeppelin launched its Continuous Security Program on May 11, 2026, a subscription-based AI-augmented lifecycle-spanning monitoring model designed specifically because point-in-time audits can no longer cover code deployed between audit cycles
  5. Self-custody of native BTC is structurally outside the attack class Aráoz describes. Bitcoin's UTXO model exposes no smart contract code for AI agents to audit. There is no protocol function to scan, no cross-contract interaction to exploit, no on-chain code that can be probed for vulnerability classes. The attack vectors that remain against self-custody (phishing, seed phrase compromise, wrench attacks, hardware wallet supply chain) are social and physical, not algorithmic. Custodial risk in DeFi positions is real and growing as AI exploit capability doubles every 1.3 months; self-custody of native BTC removes that specific exposure entirely

What Happened

On May 27, 2026, Manuel Aráoz, co-founder of OpenZeppelin, one of the most established smart contract security firms in the industry, declared that he now considers all of DeFi unsafe. His argument centers on AI coding agents that have become, in his words, superhuman at finding smart contract vulnerabilities. The core asymmetry he describes: coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric because defenders need to fix every bug while attackers need just one exploit to steal funds. OpenZeppelin's client list includes Aave, Compound, MakerDAO, Uniswap, and Coinbase. The warning is not from an outsider speculating about risk. It is from the firm that audits the largest protocols in the sector.

The warning lands against a documented backdrop of losses. In the past 12 months, more than $1.1 billion has been drained from DeFi protocols. April 2026 was the worst single month: $630 million stolen across 27 documented exploit incidents, with the Kelp DAO bridge exploit accounting for $292 million of that total in a single attack on April 18. DeFi's TVL has declined more than $20 billion in 2026. The direction of travel is not improving.

The Economics of an AI-Driven Exploit

The specific data point that frames the threat is the cost curve. Research from Anthropic's safety team established that AI agents can exhaustively scan a smart contract for known vulnerability classes for an average cost of $1.22. In the span of 1 year, AI agents went from successfully exploiting 2% of known-vulnerable contracts to 55.88%, with potential exploit revenue doubling approximately every 1.3 months. Token costs fell roughly 23% every 2 months as model efficiency improved. In 2024, a full AI-powered contract scan cost close to $100. Today it costs $1.22. At the current cost reduction rate, it will cost under $0.50 by end of 2026.

The implication is not just that individual high-value protocols are at risk. It is that automated AI scanning becomes cheap enough to run against every public smart contract continuously, not just against the largest targets. A Binance research report found AI is 2x more effective at exploiting smart contract vulnerabilities than at detecting them, meaning the offense-to-defense ratio is worsening on the same tooling. OpenZeppelin's response, launched May 11, 2026, is the Continuous Security Program: a subscription model combining AI-augmented, lifecycle-spanning monitoring. The explicit rationale for the program is that point-in-time audits can no longer cover code deployed between audit cycles. The Kelp DAO bridge was audited before deployment. The configuration error that caused $292 million in losses was not in the originally audited code.

The Asymmetry That Cannot Be Patched Away

DeFi's open-source architecture creates an asymmetry that is structural, not incidental. Every smart contract governing a DeFi protocol is publicly readable on-chain. Defenders and attackers access the same code. AI auditing tools cost both sides $1.22 to run. What is not equal is the win condition. A defender must correctly identify and patch every exploitable bug across every function, every contract, and every cross-protocol interaction, including interactions with contracts deployed after the original audit. An attacker must find one.

This asymmetry existed before AI. What AI changes is the speed and cost at which the one-bug search can be conducted, and the continuous nature of the search. A human security researcher scanning a complex protocol might spend 200 hours finding a critical vulnerability. An AI agent running the same scan costs $1.22 and completes it faster. More significantly, the AI agent can be run against every new contract deployed on a network, continuously, for a total cost that would have been prohibitive for human auditors to match. The attack surface in DeFi grows with every new deployment. The cost to scan the entire attack surface is falling fast.

What This Means for You

If you self-custody Bitcoin in your own private keys on the Bitcoin network, this story is structurally irrelevant to your attack surface. Bitcoin's UTXO model does not expose contract code to AI auditing. There is no smart contract governing your BTC. There is no protocol function for an AI agent to scan. The asset is controlled by the key, and the key is in your custody. No AI exploit agent can drain your Bitcoin by auditing code because there is no code to audit. The attack vectors that remain (phishing, physical access, seed phrase compromise) are social and physical, not algorithmic.

If you hold DeFi positions, yield-bearing protocol tokens, or assets bridged across chains, Aráoz's warning applies to the specific custodial risk structure you are in. You are counterparty to smart contract code that is publicly auditable by anyone, including adversaries running AI agents at $1.22 per scan. That does not mean your position will be exploited. It means the structural risk is real and growing as the capability curve rises. The April 2026 data is the empirical record: $630 million stolen in 1 month from audited protocols. Self-custody of native BTC is the structural off-ramp from this specific risk class, not because Bitcoin is immune to all attacks, but because it has no smart contract layer for the attack class Aráoz is describing.

What to Watch

Watch whether DeFi protocols adopt continuous AI monitoring at scale following Aráoz's warning. OpenZeppelin's Continuous Security Program is the current commercial answer, but it requires each protocol to subscribe and does not retroactively cover the full deployed contract history. The exploit cost curve is the next thing to track. At a 23% reduction every 2 months, the current $1.22 per scan becomes a sub-$0.50 commodity by end of 2026. DeFi TVL bears watching as AI exploit risk gets priced into capital allocation decisions. The $20 billion TVL decline in 2026 predates today's warning. Whether OpenZeppelin or other security firms follow the warning with proposed architectural standards or protocol-level mitigations remains open. And watch whether AI-powered defense tooling closes the 2x offense-versus-defense gap the current research shows. If the gap widens further, the structural case for keeping real value in self-custodied native BTC rather than in smart contract positions gets harder to argue against.

Defenders must fix every bug. Attackers need just one. At $1.22 per contract scan and a capability doubling every 1.3 months, the asymmetry is no longer theoretical.

Sources

  1. [1]CoinDesk — 'DeFi isn't safe anymore because AI is becoming superhuman at hacking, security chief warns', May 27, 2026
  2. [2]CryptoTimes — 'All of DeFi Is Unsafe: OpenZeppelin Founder Sounds Alarm on AI Exploits', May 27, 2026
  3. [3]BanklessTimes — 'All DeFi Is Unsafe as AI Attacks Rise, OpenZeppelin Co-Founder Says', May 27, 2026
  4. [4]PANews — 'OpenZeppelin co-founder: All DeFi is insecure due to the increasing asymmetry between attackers and defenders', May 27, 2026
  5. [5]Anthropic safety research — 'AI agents find $4.6M in blockchain smart contract exploits', red.anthropic.com/2025/smart-contracts (establishes $1.22/contract scan cost, 1.3-month capability doubling rate, 2%-to-55.88% exploitation rate trajectory)
  6. [6]BeInCrypto — 'AI Exploits Smart Contracts 2x Better Than Detection, Report Finds', 2026 (citing Binance research on offense-defense gap)
  7. [7]OpenZeppelin — 'AI-Powered Security at the Speed of Development: Introducing the OpenZeppelin Continuous Security Program', openzeppelin.com/news/introducing-continuous-security-program, May 11, 2026
  8. [8]CoinDesk — 'Kelp DAO exploited for $292 million with wrapped ether stranded across 20 chains', April 19, 2026

More in Threats

Hinkal Lost $820,000 After Its Privacy Proof Verification Failed to Verify Anything$1.7 Million Drained Through a Single Forged Proof on TaikoFTX Repays Bitcoin Creditors at $16,871 Petition-Date Price