Recent posts by Manuel Aráoz on AI and DeFi security have been widely circulated, and customers have asked whether they reflect OpenZeppelin's position. They do not. Manuel co-founded OpenZeppelin and served as the company’s CTO until 2019 when he left the company. Since 2015, OpenZeppelin has secured over $35 trillion in value transferred onchain. We maintain the libraries underpinning most DeFi protocols, and a growing number of innovative financial use cases. Our position is grounded in that work. AI is a real threat vector, but it is also one of the most powerful defensive tools we have, if used with rigor and expert human judgment. Our researchers use AI daily to catch more issues and edge cases. The answer to AI risk is not retreat from DeFi. It is better security. The last month has been a hard one for the industry. But most recent incidents trace back to operational security failures, not smart contract bugs. That distinction matters, and hardening both is the work our team and our partners do every day. We have secured DeFi for a decade, and that work now matters more than ever. We are in it alongside the protocols, institutions, and developers building the next era of finance.
OpenZeppelin
Software Development
Distributed organization, World 15,334 followers
Founded in 2015, OpenZeppelin is the world leader in securing blockchain applications and smart contract systems.
About us
Founded in 2015, OpenZeppelin is the world leader in securing blockchain applications and smart contract systems. Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development. OpenZeppelin’s professional expertise, unified with the Defender developer security platform, integrates through clients’ development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely. OpenZeppelin secures success for over a thousand trusted crypto protocols and organizations, including Coinbase, Ethereum Foundation, Compound, Aave, Uniswap, Matter Labs and ANZ Bank. With the success of our product, our security audits work, and our educational efforts, we have set industry standards for building secure systems in a fast-growing industry, which presents new programming paradigms. We are now excited to offer a development platform that will help the growing number of developers working on top of decentralized protocols build the applications that will reach mass adoption.
- Website: https://openzeppelin.com/
- Industry: Software Development
- Company size: 51-200 employees
- Headquarters: Distributed organization, World
- Type: Privately Held
- Founded: 2015
Updates
-
Open standards are how the Ethereum ecosystem moves forward. We are proud to have collaborated with the Ethereum Foundation Platform team to build the Open Intents Framework core components: solver, broadcaster, and APIs. All open-source and fully audited: https://openintents.xyz/
-
Financial institutions have rigorous frameworks for evaluating vendors. But when it comes to blockchain partners, those frameworks leave critical risks unexamined. A vendor can satisfy every line of a standard compliance framework and still be running smart contracts that have never been audited. SOC 2 and ISO 27001 weren't designed to surface smart contract vulnerabilities, key management failures, or operational security gaps. Client capital in a tokenized asset workflow may pass through contracts governing issuance, transfer restrictions, custody, settlement, and bridging, each from a different vendor and each an independent point of failure. See what blockchain-specific due diligence looks like: https://lnkd.in/eCAJMdbC
-
Last week we announced the OpenZeppelin Continuous Security Program. Proud to have these teams already running on the most comprehensive security model, treating security as continuous operations, not just point-in-time audits. Uniswap, Across Protocol, and ZKsync. Check out how the organizations shaping the future of blockchain approach security: https://lnkd.in/dQGGDB_W
-
Smart contract security requires lifecycle-level thinking, not just point-in-time snapshots 🔒 OpenZeppelin contributed to the new Blockchain Security Standards Council (BSSC) Smart Contract Security Standard to support establishing a chain-agnostic baseline for full application-layer security.
Breaking News in Blockchain: The Blockchain Security Standards Council (BSSC) has officially released the new Smart Contract Security Standard, alongside major updates to its Node Operation Standard and General Security and Privacy Guidelines. These updates provide clearer, more practical security guidance across smart contracts, infrastructure operations, and blockchain system design. BSSC's newest standard strengthens how organizations build and secure decentralized systems. Full release: https://lnkd.in/eBVqccqq #Blockchain #SmartContracts #BlockchainSecurity #SecurityStandards
-
Evaluating blockchain network risk is foundational for institutional onchain products 🔒 Our 48-page Technical Risk Assessment provides the structured methodology financial institutions need when selecting blockchain networks for regulatory compliance.
When financial institutions put client assets onchain, supervisors expect a defensible answer to one question: how was the blockchain network evaluated? Networks differ in finality guarantees, governance, and continuity exposure. And those differences shape regulatory risk. We've published OpenZeppelin's Technical Risk Assessment on Blockchain Networks: a structured 6-dimension methodology currently covering Ethereum, Solana, BSC, XRP Ledger, Tron, and Canton. Get the full 48-page report: https://lnkd.in/dyuG_mDE
-
Recently, J.P. Morgan cited persistent security flaws as a barrier to institutional DeFi participation. The concern is legitimate, and addressing it requires a different security posture than what most institutions currently have. Several major losses in 2024-2026 originated from failures surrounding protocols, not contract code. Most institutional risk registers address only one of the four threat layers. Monitoring changes outcomes. Automated watchdogs have detected exploits in real time, recovering funds within minutes. Institutions that instrument blockchain activity well can respond before losses become permanent. Read to learn more about what a mature security program looks like: https://lnkd.in/eh8Hwj9e
-
Crypto companies lost over $3.4 billion to hacks in 2025 🚨 The largest losses didn't come from smart contract bugs. They came from compromised credentials, operational failures, and code shipped between audits. While audits are essential, it's clear they're not enough. Today we're introducing the OpenZeppelin Continuous Security Program. A subscription-based engagement that brings a decade of OpenZeppelin security standards and expertise to your team continuously, scaled by AI-native workflows powered by AI Auditor. Traditional audits review code at a point in time. With continuous security, you can validate the design before code is written, build on secure foundations, catch vulnerabilities continuously, and keep production safe as it evolves. See how it works: https://lnkd.in/gzFArX3j
-
The OpenZeppelin Relayer now supports Zama FHEVM 🔐 Build confidential smart contracts without the transaction infrastructure overhead. FHE stays in Zama's SDK while the Relayer covers transaction submission with encrypted inputs and EIP-712 signing. To get started, see the end-to-end Zama FHEVM example with the OpenZeppelin Relayer 👇 https://lnkd.in/daGHhrXp