OpenZeppelin Founder Warns All DeFi Looks Unsafe

GM. OpenZeppelin co-founder Manuel Aráoz warned today that he considers all DeFi unsafe, arguing that AI-assisted attackers can now discover vulnerabilities faster than developers can patch them.

Meanwhile, SoFi launched its SoFiUSD stablecoin to 15 million app members, Mastercard secured a New York BitLicense to advance its blockchain payment infrastructure, and Donald Trump publicly backed the CFTC’s claim of exclusive federal authority over prediction markets.

Here are the details on DeFi’s security crisis, bank-issued stablecoins, and the federal-state jurisdictional tug-of-war. 👇

OpenZeppelin Founder Warns All DeFi Looks Unsafe

OpenZeppelin co-founder Manuel Aráoz said he now considers all of DeFi unsafe, including blue-chip positions on Aave, MakerDAO and Compound. He wrote that he has been privately advising friends and family to exit DeFi because attacker incentives now quickly overpower defensive assumptions across major protocols.

Aráoz pointed to coding agents and the asymmetry of smart contract security, where defenders must catch every weakness while attackers need only one exploit. His comments landed after a brutal April, when DeFi protocols lost nearly $630 million across 27 reported exploits in one month.

The worst breaches were Drift’s $285 million social engineering attack and KelpDAO’s $293 million bridge exploit, both widely attributed to North Korea-linked hackers. DeFi total value locked has since dropped about 14%, falling from roughly $172 billion to $148 billion as users retreat from risk.

May has brought smaller but persistent incidents, including an $11.6 million Verus Network bridge exploit and Polymarket’s $573,200 breach, possibly tied to a private key compromise. Aráoz’s warning frames the problem as structural, with AI-assisted attackers widening DeFi’s security gap faster than protocols can adapt their defenses.

SoFi Puts Bank Stablecoin in 15 Million Apps

SoFi launched SoFiUSD inside its consumer banking app, giving nearly 15 million members access to a bank-issued dollar token on Ethereum and Solana. The token is redeemable 1:1 through SoFi Bank. Reserves are backed by liquid assets, with regular third-party attestations.

The fintech plans to add FDIC-insurable tokenized deposits, around-the-clock cross-border transfers, and a Bullish listing for institutional access. CEO Anthony Noto said users no longer need to choose between blockchain and regulated banking. SoFi warned that, by design, the stablecoin itself is not yet FDIC-insured for members.

Mastercard Wins New York BitLicense for Stablecoins

Mastercard secured a New York BitLicense for its US transaction services unit, giving the payments giant approval under a strict digital asset regime. The license supports stablecoin, tokenized deposit, and blockchain settlement work. New York requires capital, cybersecurity, compliance, and consumer-protection controls for operators statewide.

The approval follows Mastercard’s $1.8 billion BVNK acquisition and growing focus on stablecoin payment infrastructure. Chief product officer Jorn Lambert said clear rules build trust as digital value moves from experiments into use. Mastercard said its strategy centers on interoperability, reliability, and compliance across payments.

Trump Backs CFTC Power Over Prediction Markets

President Donald Trump publicly backed CFTC Chair Michael Selig’s claim of exclusive federal authority over prediction markets. Selig has sued five states while arguing event contracts belong under derivatives law, not local gambling rules. Trump called the jurisdiction fight critically important for US markets and innovation.

The intervention lands as Polymarket, Kalshi, and sports-linked contracts face state resistance and federal expansion efforts. Trump also framed crypto as a major US industry competing globally. Critics said the CFTC has sidelined staff concerns involving firms with political or family-linked business ties recently, raising scrutiny.

Data of the Day

DeFi total value locked fell from roughly $172 billion to $148 billion after the KelpDAO bridge exploit shook confidence across protocols. Attackers stole about $292 million in rsETH by manipulating off-chain infrastructure. Lending suffered the deepest drawdown, sliding from $53 billion to $40 billion overall.

The prolonged outflows suggest users are reducing broad DeFi exposure rather than punishing only KelpDAO or LayerZero-linked infrastructure. Analysts said the attack revealed a threat surface beyond audited smart contracts. Off-chain validators, RPC nodes, and bridge verification systems now sit under sharper scrutiny across markets.

DeFi TVL Drops 14% After Kelp Exploit
