Uniswap Users Lose $600K in Two Attacks; OpenZeppelin Founder Says DeFi Is Unsafe

Two separate attacks hit Uniswap users this week, draining a combined $600,000 — one exploiting weaknesses in the WUSD.fi and GLOVE incentive system on Uniswap V3, the other using fraudulent Google ads to impersonate the exchange. The incidents come as Manuel Aráoz, founder of OpenZeppelin, told associates he now considers all of DeFi unsafe, citing an asymmetric security challenge that attackers are winning.

The WUSD.fi and GLOVE exploit

Attackers drained roughly $200,000 from DeFi liquidity pools on Uniswap V3 by cycling funds through multiple wallets to repeatedly farm rewards. The flaw lay in the protocol's incentive structure — attackers took advantage of weaknesses in the WUSD.fi and GLOVE reward system, essentially gaming it to extract more than they should have been able to. It's the kind of manipulation that smaller projects often miss during audits.

Fake Google ads siphon $400,000

Separately, fraudulent Google advertisements impersonating Uniswap routed users to phishing sites. The campaign drained at least $400,000 before being flagged. Phishing attacks aren't new, but the scale and speed of this one caught attention — cybersecurity analysts note that AI tools now let attackers build phishing infrastructure and simulate exploit strategies faster than ever.

Aráoz: Defenders can't keep up

Aráoz didn't mince words. He reportedly told friends and family to pull funds from major DeFi platforms including Aave, MakerDAO, and Compound. His reasoning: defenders must fix every vulnerability, while attackers only need one exploit to steal. And AI-powered coding tools let attackers scan contracts for weaknesses at a speed and scale most security teams can't match. OpenZeppelin previously identified a vulnerability from the interaction between ERC-2771 and Multicall standards — a reminder that even well-known protocols have hidden corners.

Modern DeFi protocols stack multiple components — bridges, lending, staking, reward contracts — which widens the attack surface. Major projects have invested in audits, bug bounties, and formal verification, but remain vulnerable to phishing and incentive manipulation. Smaller DeFi projects, which can't afford continuous security reviews, could be the hardest hit as attackers get faster.

The timing isn't great for a sector already under regulatory scrutiny. No one's saying DeFi is dead, but the question hanging over the room is whether the security model can adapt before the next wave of AI-driven exploits arrives.