OpenZeppelin Founder Calls All DeFi Unsafe

The founder of OpenZeppelin declared, “I now consider all of decentralized finance (DeFi) unsafe.” The comment was made in a recent statement about the technical risks facing the sector.

OpenZeppelin provides security audits and maintains widely used open-source smart contract libraries. The company's role in auditing code and offering standard tools for tokens and contracts gives the founder's assessment weight in the developer and security communities.

He pointed to persistent exploitable code and complex interactions between protocols as the core reasons for his view. Specific sources of risk include bugs and logic errors that allow attackers to drain funds, manipulation of price oracles that creates false market data, governance takeover through token concentration or bought votes, and economic attack methods such as flash-loan exploits.

The founder noted that these risks are often linked: a flaw in one protocol can cascade through composable systems and cause larger failures. He also cautioned that audits and automated tools lower the chance of vulnerabilities but do not eliminate them.

Industry participants responded by identifying technical and economic measures that could reduce risk. Examples cited include formal verification of critical code, stronger operational controls in project operations, clearer incident-response plans, and market mechanisms designed to limit how shocks propagate from one protocol to others.

OpenZeppelin's work aims to reduce preventable errors in smart contracts through audits and libraries. Developers, investors and auditors continue to discuss which practices and tools most effectively limit exploit risk as projects update designs and security processes.