The attackers cycled funds through multiple wallets to repeatedly farm rewards, taking advantage of flaws baked into the protocol’s incentive structure.
A Wave Of Attacks Hitting The Ecosystem
His reasoning cuts to a basic problem in how blockchain security works. Defenders have to find and patch every single vulnerability, while an attacker only needs one to drain a protocol entirely.
PSA: I now consider *all* of DeFi unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
AI Tools Shifting The Balance
Aráoz pointed to AI-powered coding tools as the reason that balance has gotten harder to manage. Reports indicate he believes these tools allow attackers to scan contracts for weaknesses at a speed and scale that most security teams cannot match.
He went further in private communications, reportedly advising friends and family to pull their funds from major DeFi platforms altogether, including Aave, MakerDAO, and Compound. Those three platforms represent a significant share of total value locked across decentralized finance.
Complexity Making Defense Harder
The problem is compounded by how modern DeFi protocols are built. Many now stack multiple components on top of each other — bridges, lending systems, staking mechanisms, automated reward contracts — and each additional layer widens the surface area that has to be defended.
Major protocols have responded by pouring resources into audits, bug bounty programs, and formal verification. Reports note that even those efforts have not fully closed the door on phishing attacks and incentive manipulation schemes.
The concern now is whether smaller DeFi projects — those without the budget for continuous security reviews — can hold up against attackers who are moving faster than before.