OpenZeppelin, the smart contract security firm whose libraries power most decentralized finance protocols, has publicly distanced itself from a viral statement made by its co-founder and former CTO, Manuel Aráoz. Aráoz declared that all of DeFi is fundamentally unsafe. The company said that claim does not represent its position.
What Aráoz said
Over the weekend, Aráoz posted a lengthy critique of the DeFi ecosystem, arguing that the underlying architecture of smart contracts and the incentives they create make the entire sector dangerously flawed. The post circulated widely on social media, drawing reactions from developers, investors, and protocol teams who rely on OpenZeppelin's audited code. Aráoz left his executive role at the firm years ago but remains a prominent figure in crypto security circles.
OpenZeppelin's cleanup
In a brief statement issued Monday, OpenZeppelin acknowledged the post but stressed that Aráoz has not been involved in the company's day-to-day operations for some time. The firm's libraries remain the most widely used base for Ethereum-based contracts, handling millions of dollars in locked value daily. OpenZeppelin did not address each of Aráoz's technical points, but the implication was clear: his views are his own, not the company's.
OpenZeppelin's libraries are a foundational piece of DeFi. When a former founder calls the entire industry unsafe, it can rattle confidence. The company's quick response suggests it wanted to prevent that message from becoming the default narrative. The clarification does not dismiss all security concerns — audits and code reviews remain a major bottleneck for protocol launches — but it does reject the idea that the problem is irredeemable.
No further statement from Aráoz has appeared since OpenZeppelin's rebuttal. Whether he will respond or refine his argument is unclear. For now, the company has drawn a line between its current work and one of its founders' most provocative claims.
