Woofun AI reports that DeFi total value locked (TVL) has contracted from approximately $115 billion at the start of the year to roughly $70 billion by June, representing a 39% decline. Since the beginning of 2026, the sector has endured 121 distinct hacker attacks, accumulating total losses of about $942 million, with the second quarter alone witnessing 85 incidents that drained $775 million from the ecosystem. The convergence of advanced artificial intelligence and blockchain exploits has fundamentally altered the threat landscape, transforming security auditing from a manual best practice into an urgent, automated necessity.
The proliferation of next-generation AI tools has drastically reduced the cost and technical skill required to identify smart contract vulnerabilities. On June 9, Anthropic unveiled the Claude Mythos model, a development that market observers link directly to the recent surge in attack frequency against leading protocols. Simon Dedic, founder of Moonrock Capital, emphasized that the democratization of these AI tools is driving the barrier to entry for finding smart contract flaws down to nearly zero.
This shift implies that malicious actors no longer require elite cryptographic expertise to dismantle complex financial systems, as large language models can now systematically scan thousands of contracts to identify vulnerability patterns at scale.
Data compiled by Chainalysis reveals that in the past six months, attacks specifically targeting contracts whose source code was never published have generated losses of about $36.7 million. Withholding source is not a security control: the deployed bytecode is public on-chain, and attackers are increasingly using AI-assisted decompilation of that bytecode to uncover the flaws the missing source was meant to hide. Large language models are now capable of scaling these operations to target specific protocols, including Truebit, Aperture Finance, and Ekubo, effectively turning the audit process into an automated arms race where detection speed determines survival.
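To make that point concrete, here is an added example (not code from the article, from Chainalysis, or from any protocol it names) showing how much of a contract's interface is recoverable from public bytecode alone. It walks a constructed ERC-20-style dispatcher opcode by opcode, extracts the hard-coded 4-byte function selectors, and labels the ones found in a small lookup table. The bytecode and the lookup table are constructed for the example; the selector values for the standard ERC-20 functions are the real ones.

```python
"""Recover function selectors from public EVM bytecode.

Added example: a PUSH-aware opcode walker that pulls out every PUSH4
immediate, which in a Solidity-style dispatcher are the hard-coded
4-byte function selectors. The sample bytecode and the selector table
are constructed for this example and come from no real deployment.
"""

# Constructed sample: an ERC-20-style dispatcher, hand-assembled for the example.
SAMPLE_BYTECODE = (
    "6080604052"                # PUSH1 0x80 PUSH1 0x40 MSTORE
    "34801561000f57600080fd"    # CALLVALUE DUP1 ISZERO PUSH2 0x000f JUMPI PUSH1 0 DUP1 REVERT
    "5b50"                      # JUMPDEST POP
    "60043610610063"            # PUSH1 4 CALLDATASIZE LT PUSH2 0x0063  (immediate ends in 0x63)
    "57"                        # JUMPI
    "60003560e01c"              # PUSH1 0 CALLDATALOAD PUSH1 0xe0 SHR  -> selector on stack
    "8063095ea7b31461003b57"    # DUP1 PUSH4 0x095ea7b3 EQ PUSH2 0x003b JUMPI
    "806318160ddd1461004957"    # DUP1 PUSH4 0x18160ddd EQ PUSH2 0x0049 JUMPI
    "806370a082311461005257"    # DUP1 PUSH4 0x70a08231 EQ PUSH2 0x0052 JUMPI
    "8063a9059cbb1461005f57"    # DUP1 PUSH4 0xa9059cbb EQ PUSH2 0x005f JUMPI
    "5b600080fd"                # JUMPDEST PUSH1 0 DUP1 REVERT  (no match: revert)
)

PUSH0, PUSH1, PUSH4, PUSH32 = 0x5F, 0x60, 0x63, 0x7F

# Small constructed lookup of well-known ERC-20 selectors (first 4 bytes of the
# keccak256 of the signature). Real tooling uses a large public signature database.
KNOWN_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "18160ddd": "totalSupply()",
    "70a08231": "balanceOf(address)",
    "a9059cbb": "transfer(address,uint256)",
}


def disassemble(bytecode_hex: str):
    """Yield (pc, opcode, immediate) per instruction, skipping PUSH data correctly."""
    if bytecode_hex.startswith("0x"):
        bytecode_hex = bytecode_hex[2:]
    code = bytes.fromhex(bytecode_hex)
    pc = 0
    while pc < len(code):
        op = code[pc]
        width = op - PUSH0 if PUSH1 <= op <= PUSH32 else 0  # PUSHn carries n immediate bytes
        imm = code[pc + 1 : pc + 1 + width]                 # truncated if the code ends early
        yield pc, op, imm
        pc += 1 + width


def extract_selectors(bytecode_hex: str) -> set:
    """All complete PUSH4 immediates: the dispatcher's candidate function selectors."""
    return {imm.hex() for _, op, imm in disassemble(bytecode_hex)
            if op == PUSH4 and len(imm) == 4}


def label_selectors(bytecode_hex: str, table=KNOWN_SELECTORS) -> dict:
    """Map each recovered selector to a signature where the table knows it."""
    return {sel: table.get(sel, "<unknown>")
            for sel in sorted(extract_selectors(bytecode_hex))}


def naive_scan(bytecode_hex: str) -> set:
    """Byte-grep for 0x63 with no opcode decoding, kept only to show the false positive:
    the 0x63 inside 'PUSH2 0x0063' makes it report '57600035' as a selector."""
    code = bytes.fromhex(bytecode_hex)
    return {code[i + 1:i + 5].hex() for i in range(len(code))
            if code[i] == PUSH4 and len(code[i + 1:i + 5]) == 4}


if __name__ == "__main__":
    for sel, sig in label_selectors(SAMPLE_BYTECODE).items():
        print(sel, sig)
```

The walker decodes PUSH widths rather than grepping for the 0x63 opcode byte, because PUSH immediates (jump targets, constants, addresses) routinely contain bytes that look like opcodes; the `naive_scan` function is included only to show that false positive on the same input. Everything an auditor or attacker needs to start probing a closed-source contract, its selectors and thus its callable surface, is recoverable in a few dozen lines.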
The profile of primary targets has shifted away from small second- or third-tier protocols toward established market leaders. Drift Protocol, a leading perpetual contract platform on Solana, suffered a breach following a six-month social engineering campaign that ultimately yielded privileged administrator keys to the attackers. KelpDAO faced a parallel crisis where adversaries exploited a configuration that relied on a single validation node in the LayerZero cross-chain bridge to forge deposit messages and mint uncollateralized tokens, executing a theft of $293 million in just 46 minutes. These incidents demonstrate that even top-tier infrastructure is susceptible to sophisticated, prolonged, and highly targeted operational failures; both hinged on trust concentrated in a single point, an administrator key set in one case and a lone verification node in the other.
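The failure class described for KelpDAO, a bridge that accepts a deposit on the word of one verifier, is illustrated by the following added example. It is not LayerZero's or KelpDAO's code and is not a reconstruction of the actual incident: HMAC-SHA256 tags stand in for verifier signatures, and the verifier names, keys and message fields are all constructed. A forged deposit attested only by a compromised lone verifier passes the single-verifier configuration and fails against a 2-of-3 threshold.

```python
"""Cross-chain deposit verification: one trusted verifier vs. an M-of-N threshold.

Illustrative model, not any real bridge's protocol. HMAC-SHA256 stands in for
verifier signatures; the keys, verifier names and message fields are constructed.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass


def canonical(message: dict) -> bytes:
    """Serialize a deposit message deterministically so every verifier signs the same bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def attest(verifier_key: bytes, message: dict) -> str:
    """A verifier's attestation over a message (HMAC as a signature stand-in)."""
    return hmac.new(verifier_key, canonical(message), hashlib.sha256).hexdigest()


@dataclass
class BridgeConfig:
    verifiers: dict  # verifier name -> verification key (constructed)
    threshold: int   # distinct valid attestations required before minting


def verify_deposit(config: BridgeConfig, message: dict, attestations: dict) -> bool:
    """Accept the deposit only if at least `threshold` distinct configured verifiers attest to it."""
    expected = canonical(message)
    valid = set()
    for name, tag in attestations.items():
        key = config.verifiers.get(name)
        if key is None:
            continue  # attestation from a verifier not in the config: ignored, never counted
        if hmac.compare_digest(hmac.new(key, expected, hashlib.sha256).hexdigest(), tag):
            valid.add(name)  # a set, so one verifier cannot be counted twice
    return len(valid) >= config.threshold


# Constructed verifier keys; a real system would hold public keys / on-chain identities.
KEYS = {"verifier-a": b"key-a", "verifier-b": b"key-b", "verifier-c": b"key-c"}
ATTACKER_KEY = b"attacker-key"  # not a configured verifier

SINGLE_VERIFIER = BridgeConfig(verifiers={"verifier-a": KEYS["verifier-a"]}, threshold=1)
THRESHOLD_2_OF_3 = BridgeConfig(verifiers=dict(KEYS), threshold=2)

# A deposit that never happened on the source chain, asserted by an attacker who
# controls verifier-a. "0xattacker" is a placeholder, not a real address.
FORGED_DEPOSIT = {"src_chain": 1, "nonce": 4242, "recipient": "0xattacker", "amount": 10**24}
# A real deposit, attested by all three verifiers.
GENUINE_DEPOSIT = {"src_chain": 1, "nonce": 4243, "recipient": "0xuser", "amount": 5 * 10**18}


def forged_deposit_accepted(config: BridgeConfig) -> bool:
    """Does a forgery backed only by the compromised verifier-a (padded with a
    bogus attestation under an unknown name) pass this configuration?"""
    attestations = {
        "verifier-a": attest(KEYS["verifier-a"], FORGED_DEPOSIT),
        "verifier-z": attest(ATTACKER_KEY, FORGED_DEPOSIT),  # unknown verifier, ignored
    }
    return verify_deposit(config, FORGED_DEPOSIT, attestations)


def genuine_deposit_accepted(config: BridgeConfig) -> bool:
    """Control case: a deposit all three verifiers attest to."""
    attestations = {name: attest(key, GENUINE_DEPOSIT) for name, key in KEYS.items()}
    return verify_deposit(config, GENUINE_DEPOSIT, attestations)


def tampered_deposit_accepted(config: BridgeConfig) -> bool:
    """Attestations over the genuine deposit replayed against a message with the amount inflated."""
    attestations = {name: attest(key, GENUINE_DEPOSIT) for name, key in KEYS.items()}
    inflated = dict(GENUINE_DEPOSIT, amount=10**24)
    return verify_deposit(config, inflated, attestations)


if __name__ == "__main__":
    print("single verifier, forged:", forged_deposit_accepted(SINGLE_VERIFIER))
    print("2-of-3, forged:        ", forged_deposit_accepted(THRESHOLD_2_OF_3))
    print("2-of-3, genuine:       ", genuine_deposit_accepted(THRESHOLD_2_OF_3))
```

The verification logic is identical in both configurations; the only difference is how many independent parties must agree before tokens are minted. With `threshold=1` and one configured verifier, compromising that verifier is sufficient to mint against nothing, which is why a threshold of distinct, independently operated verifiers is the baseline expectation for any bridge that releases value on the strength of an off-chain attestation.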
Web3 security firm GoPlus Security highlighted a disturbing trend where attackers leverage AI technology to extensively mine vulnerabilities in historical contracts deployed years ago. On June 9, a seven-year-old Ethereum contract known as Token of Power was compromised, resulting in a loss of about $1.5 million. Similarly, on May 25, a three-year-old WUSD.fi contract was attacked, causing losses of approximately $200,000. An older contract deployed by Aztec Network two years prior was struck twice on June 14 and June 18, with cumulative losses exceeding $4 million. These events underscore that age does not confer immunity, as AI agents can retrospectively analyze legacy codebases with unprecedented efficiency.
Manuel Aráoz, co-founder of crypto security company OpenZeppelin, has adopted a starkly pessimistic stance, stating that he now believes "all DeFi is unsafe." He has advised friends and family to withdraw from all DeFi positions, including major platforms like Aave, MakerDAO, and Compound, citing the superhuman capability of AI programming agents to locate vulnerabilities.
However, this view faces significant market contention. Aave ecosystem contributor Marc Zeller noted that in the past year, less than 10% of DeFi losses originated from code vulnerabilities, with the remainder stemming from risk parameter configuration errors, improper collateral management, and weak operational security.
Furthermore, 0G Labs CEO Michael Heinrich argued that the security of DeFi lending has improved by about 98% compared to the 2020 benchmark, suggesting that the narrative of total insecurity may be overstated.
Regulatory frameworks are responding rapidly to these evolving threats. Security firm CertiK indicated in its 2026 regulatory report that smart contract security audits are transitioning from industry best practices to mandatory regulatory entry conditions for license approval and token listings. Between 2025 and 2026, several mainstream audit firms launched AI-assisted audit systems, utilizing multi-model parallel analysis and automated detection to enhance efficiency. Despite these advancements, J.P. Morgan analysts explicitly warned that ongoing DeFi security incidents are actively limiting the entry of major institutional investors, creating a chilling effect on capital inflows.
The industry is witnessing a wave of structural contractions as entities struggle to maintain viability. The smart contract auditing platform Code4rena recently announced its shutdown, transferring client and researcher resources to Immunefi. The DeFi lending protocol Radiant entered a shutdown phase following a hacker attack in October 2024, while Ionic Protocol announced an immediate cessation of all operations due to the persistent impact of security vulnerabilities. These closures signal a potential consolidation phase where only the most resilient or well-capitalized entities can survive the current security climate.
Innovation in defense mechanisms continues to emerge alongside the threats. AI-native auditing tool Firepan disclosed that during its independent audit of Curve Finance's new AMM contract in April 2026, it identified a critical combinatorial vulnerability. Michael Egorov, founder of Curve Finance, acknowledged that AI has been instrumental in smart contract security but cautioned that the most significant risks remain OpSec-level key leaks and supply chain attacks rather than code vulnerabilities themselves. This distinction highlights the complexity of modern security, where software integrity is only one component of a broader risk matrix.
Security engineer Taylor Hornby, commissioned by the non-profit organization Shielded Labs, utilized the Anthropic Opus 4.8 model to audit the Zcash protocol, uncovering a critical vulnerability in the Zcash Orchard privacy pool that had remained unnoticed since 2022. Zcash founder Zooko Wilcox publicly thanked Anthropic for this discovery, validating the utility of AI in retrospective security analysis. Hornby further stated that he has added Monero (XMR) to the audit queue, indicating a broader application of these tools across privacy-focused networks.
OpenZeppelin has also launched the Skills system, providing authoritative knowledge of audited smart contract libraries to AI programming agents. This initiative moves the defense line forward to the development stage, representing a strategic shift from post-event reviews to full integration, continuous monitoring, formal verification, and on-chain real-time risk detection. The trajectory of DeFi security is now defined by the speed at which AI can both break and build defenses, marking a definitive era of automated warfare in the digital asset space.