Decentralized finance (DeFi) protocols have lost at least $36.7 million over the past six months due to hacks targeting unverified smart contracts, according to a new report from blockchain analytics firm Chainalysis. The findings, cited by Cointelegraph, highlight a growing trend where attackers focus on protocols with undisclosed source code, often exploiting vulnerabilities that have existed for years.
Largest Single Incident: The Truebit Exploit
The most significant breach involved Truebit, a protocol designed to verify computational tasks on the Ethereum network. An attacker exploited a vulnerability in an unverified smart contract that had been deployed on Ethereum since 2021, stealing $26.2 million. This single incident accounts for more than 70% of the total losses reported in the six-month period. Other affected protocols include Trusted Volumes, Aperture Finance, and Ekubo, though details on their individual losses remain limited.
AI and Decompilers: A New Era of Exploitation
Chainalysis noted that recent advancements in decompiler tools and artificial intelligence are making these exploits significantly easier to execute. Smart contracts that once required days of manual analysis by specialized security experts can now be analyzed and exploited at scale using AI-driven tools. This lowers the barrier to entry for malicious actors and increases the frequency of attacks on poorly audited or unverified code.
Why Unverified Smart Contracts Are a Target
Unverified smart contracts lack publicly available source code on blockchain explorers like Etherscan. This obscurity was once considered a minor security measure, but the report suggests it now makes protocols a prime target. Hackers use decompilers to reverse-engineer the bytecode, identify weaknesses, and launch attacks. The Chainalysis data underscores that transparency in smart contract code is becoming a critical security requirement, not just a best practice.
Implications for the DeFi Ecosystem
The findings come at a time when the DeFi sector is already under intense regulatory and security scrutiny. For users, the report serves as a warning to verify whether the protocols they interact with have audited, open-source smart contracts. For developers, it highlights the urgent need for comprehensive security audits and code verification before deployment. The use of AI by attackers also signals that security teams must adopt equally advanced tools for threat detection and vulnerability assessment.
Conclusion
The Chainalysis report paints a clear picture: the DeFi industry is facing a new wave of sophisticated attacks enabled by AI and targeting unverified code. With $36.7 million lost in just six months and the Truebit incident alone accounting for the majority of those losses, the message is unambiguous. Transparency, rigorous auditing, and proactive security measures are no longer optional — they are essential for the survival and trustworthiness of decentralized finance platforms.
FAQs
Q1: What is an unverified smart contract?
A: An unverified smart contract is one whose source code has not been published on a blockchain explorer like Etherscan. This makes it harder for users and security experts to review the code for vulnerabilities.
Q2: How is AI being used to hack smart contracts?
A: Attackers use AI-powered decompiler tools to reverse-engineer the bytecode of unverified smart contracts, identify security flaws, and automate the exploitation process at scale.
Q3: What can DeFi users do to protect themselves?
A: Users should only interact with protocols that have verified, publicly available smart contract code and have undergone independent security audits. Checking for recent audit reports and community feedback is also recommended.
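One way to automate the verification check described above, as an added example that is not part of the original article or the Chainalysis report. It goes slightly beyond the text by also following proxies, since a verified proxy can delegate to unverified logic. It assumes records shaped like the Etherscan `getsourcecode` API result (`SourceCode`, `ABI`, `Proxy`, `Implementation`); the addresses, the records and the helper names are constructed for illustration.

```python
# Added example: classify contracts by source-verification status, offline.
# Record fields mirror Etherscan's getsourcecode result (assumption); the
# addresses and records below are constructed sample data.
UNVERIFIED_ABI = "Contract source code not verified"

def is_verified(record):
    """True when the explorer holds published source for this record."""
    has_source = bool(record.get("SourceCode", "").strip())
    return has_source and record.get("ABI") != UNVERIFIED_ABI

def classify(address, records, _seen=None):
    """Return verified, unverified, unverified-implementation or unknown."""
    seen = set() if _seen is None else _seen
    key = address.lower()
    if key in seen or key not in records:
        return "unknown"  # proxy loop, or no record fetched for this address
    seen.add(key)
    record = records[key]
    if not is_verified(record):
        return "unverified"
    if record.get("Proxy") != "1":
        return "verified"
    # A verified proxy says nothing about the logic it delegates to.
    impl = record.get("Implementation", "")
    inner = classify(impl, records, seen) if impl else "unknown"
    if inner == "verified":
        return "verified"
    return "unknown" if inner == "unknown" else "unverified-implementation"

def sample_addr(n):
    """Build a constructed 20-byte address such as 0x00...01."""
    return "0x" + format(n, "040x")

PROXY_SRC = "contract Proxy {}"  # constructed placeholder source text
SAMPLE = {
    sample_addr(1): {"SourceCode": "contract Vault {}", "ABI": "[]", "Proxy": "0", "Implementation": ""},
    sample_addr(2): {"SourceCode": "", "ABI": UNVERIFIED_ABI, "Proxy": "0", "Implementation": ""},
    sample_addr(3): {"SourceCode": PROXY_SRC, "ABI": "[]", "Proxy": "1", "Implementation": sample_addr(2)},
    sample_addr(4): {"SourceCode": PROXY_SRC, "ABI": "[]", "Proxy": "1", "Implementation": sample_addr(4)},
}

def audit(addresses, records=SAMPLE):
    """Map each address to its verification status."""
    return {a: classify(a, records) for a in addresses}

if __name__ == "__main__":
    for address, status in audit(SAMPLE).items():
        print(address, status)
```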
Disclaimer: The information provided is not trading advice. Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

