It Turns Out the First Real-World Application of AI x Crypto is in Security Auditing

marsbit, published 2026-06-26, updated 2026-06-26

Article Summary

The article explores the surprising trend where AI's first major impact on crypto has been in security auditing, not in areas like trading or analytics. It details how AI-powered tools are dramatically lowering the barrier to finding smart contract vulnerabilities, enabling attackers to scan thousands of contracts and execute exploits within minutes. This has rendered traditional, manually-produced audit reports with their month-long validity periods increasingly obsolete, creating a critical "structural crack" in the old security model. Cases like Drift Protocol and KelpDAO show that even extensively audited protocols can be hacked through social engineering, operational flaws, or infrastructure misconfigurations beyond pure code review. Attackers are also using AI to find and exploit vulnerabilities in years-old, deployed contracts. Notably, OpenZeppelin's co-founder has expressed a grim view that "all DeFi is insecure" due to AI's asymmetric advantage. In response, the audit industry is undergoing a fundamental shift. While there's a short-term spike in defensive re-audits, the long-term business model is changing. Firms are developing AI-assisted systems and moving from one-time report deliveries towards embedded, continuous services like real-time monitoring and formal verification. Examples include AI tools uncovering critical, previously missed vulnerabilities in heavily audited protocols like Curve Finance and Zcash. The conclusion is that security must become a con...

Data shows that as of June, DeFi TVL has dropped from about $115 billion at the beginning of the year to approximately $70 billion, a decline of 39%, decreasing almost every month.

Simultaneously, security incidents have brought another layer of pressure to DeFi. According to statistics, since 2026, there have been 121 hacker attacks in the DeFi sector, resulting in cumulative losses of about $942 million. Among these, 85 incidents occurred in the second quarter alone, causing losses of $775 million, making it the quarter with the most frequent attacks during that statistical period.

With the proliferation of next-generation AI tools, the cost and skill requirements for finding smart contract vulnerabilities have significantly decreased, forcing security audit firms to stand at the center of this transformation.

I. As Attack Vectors Turn to AI, Old Security Defenses Are Failing

The Collapse of the Old Logic

When the industry discusses the impact of AI on the crypto field, the first reactions are often about quantitative trading, robo-advisors, or on-chain data analysis. But reality has taken an unexpected turn: the first area that AI has fundamentally penetrated is the business originally considered the most stable in this industry—security auditing.

Two or three years ago, security audit companies were seen by investment institutions as conservative bets to participate in the crypto industry's growth. The logic was straightforward: as long as new protocols launched, audits were needed; the more prosperous the industry, the higher the audit demand; high per-client revenue, stable income, independent of token price fluctuations.

Immunefi data shows that DeFi protocol losses due to hacker attacks had dropped 74% from their 2022 peak of $2.62 billion to approximately $680 million in 2025. Cross-chain bridge attacks' share of total DeFi losses significantly decreased from 73% in 2022 to 3% in 2025. The industry generally believed that the ongoing maturity of security audits was playing a role.

However, this judgment is gradually being proven wrong.

On June 9th, Anthropic released its next-generation AI model, Claude Mythos. A viewpoint subsequently emerged in the market: the abnormal recent increase in the frequency of attacks on leading protocols may be linked to the continuous leap in the capabilities of cutting-edge AI models.

Simon Dedic, founder of Moonrock Capital, pointed out that with the proliferation of next-generation AI tools, the cost and skill requirements for finding smart contract vulnerabilities will drop to essentially zero. Protocols without audits will become targets, and known vulnerabilities will be repeatedly exploited.

Chainalysis data confirms this trend: in the past six months, attacks on contracts with unverified source code alone have caused approximately $36.7 million in losses. Attackers use AI-assisted decompilation of raw bytecode to find vulnerabilities, and large language models can now identify vulnerability patterns at scale, systematically scanning thousands of contracts, Truebit, Aperture Finance, and Ekubo among them.

The attacker's entire process, from discovery to execution, is being compressed to the minute level, while the validity period of a traditional audit report is measured in months. This time gap is the most fatal structural crack in the old audit model.

Audited, Still Hacked?

The main targets of hacker attacks are no longer second or third-tier small protocols. Drift Protocol is a leading perpetuals platform on Solana, its smart contracts having undergone multiple rounds of audits by several well-known security firms. However, an investigation by security firm TRM Labs revealed that the attacker used a six-month-long social engineering attack to gradually infiltrate Drift team members, ultimately obtaining privileged admin keys.

A similar situation occurred with KelpDAO. The attacker exploited a vulnerability in the single-validator-node configuration of the LayerZero cross-chain bridge to forge deposits and mint uncollateralized tokens, stealing $293 million within 46 minutes. It was later determined that a multi-validator-node configuration had been recommended previously but was not adopted. The contract passed the audit, but a flaw in the infrastructure configuration still led to the loss.
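The KelpDAO case turns on a configuration choice rather than a code bug: with a single attesting node, whoever controls that node can vouch for a deposit that never happened on the source chain. The model below is an added illustration of that point and is not KelpDAO's or LayerZero's code; the verifier names, the HMAC-based attestation standing in for real signatures, and the `BridgeReceiver` class are all constructed for the example. It shows a receiver that accepts a minted deposit only when a configurable quorum of independent verifiers attests to the same canonical message, and why a 1-of-1 configuration collapses to the trustworthiness of one node.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Verifier:
    """An attesting node. The key is a hypothetical HMAC secret standing in for
    a real signing key so that the example runs offline."""
    name: str
    key: bytes


def canonical_message(nonce: int, recipient: str, amount: int) -> bytes:
    # All verifiers must attest to exactly the same bytes, so the message is
    # built in one canonical form. The nonce makes each deposit unique.
    return f"{nonce}:{recipient}:{amount}".encode()


def attest(verifier: Verifier, message: bytes) -> bytes:
    # Hypothetical attestation: HMAC-SHA256 over the canonical message.
    return hmac.new(verifier.key, message, hashlib.sha256).digest()


class BridgeReceiver:
    """Destination-chain side: mints tokens only when enough independent
    verifiers have attested to the deposit."""

    def __init__(self, verifiers, threshold: int):
        if not 1 <= threshold <= len(verifiers):
            raise ValueError("threshold must be between 1 and the number of verifiers")
        self.verifiers = {v.name: v for v in verifiers}
        self.threshold = threshold
        self.seen_nonces = set()   # replay protection
        self.minted = {}           # recipient -> total minted

    def accept_deposit(self, nonce: int, recipient: str, amount: int, attestations: dict) -> bool:
        if nonce in self.seen_nonces:
            return False
        msg = canonical_message(nonce, recipient, amount)
        valid = set()
        for name, sig in attestations.items():
            v = self.verifiers.get(name)   # attestations from unknown nodes are ignored
            if v is not None and hmac.compare_digest(attest(v, msg), sig):
                valid.add(name)
        if len(valid) < self.threshold:
            return False
        self.seen_nonces.add(nonce)
        self.minted[recipient] = self.minted.get(recipient, 0) + amount
        return True


def run_scenarios() -> dict:
    """Constructed scenario: verifier A is assumed compromised and attests to a
    deposit that never took place on the source chain."""
    a, b, c = Verifier("A", b"key-A"), Verifier("B", b"key-B"), Verifier("C", b"key-C")
    msg = canonical_message(1, "alice", 1_000)
    forged_only_a = {"A": attest(a, msg)}
    honest_a_and_b = {"A": attest(a, msg), "B": attest(b, msg)}
    msg2 = canonical_message(2, "alice", 1_000)
    a_plus_unknown = {"A": attest(a, msg2), "Z": attest(Verifier("Z", b"key-Z"), msg2)}

    single = BridgeReceiver([a], threshold=1)        # the weak configuration
    quorum = BridgeReceiver([a, b, c], threshold=2)  # the recommended shape

    return {
        "single_accepts_forged": single.accept_deposit(1, "alice", 1_000, forged_only_a),
        "quorum_rejects_forged": not quorum.accept_deposit(1, "alice", 1_000, forged_only_a),
        "quorum_accepts_honest": quorum.accept_deposit(1, "alice", 1_000, honest_a_and_b),
        "quorum_rejects_replay": not quorum.accept_deposit(1, "alice", 1_000, honest_a_and_b),
        "quorum_ignores_unknown": not quorum.accept_deposit(2, "alice", 1_000, a_plus_unknown),
        "quorum_minted_total": quorum.minted.get("alice", 0),
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The receiver cannot see the source chain, which is exactly why it must not rely on one node's word for what happened there; raising the threshold to 2-of-3 means a single compromised or misconfigured verifier can no longer mint uncollateralized tokens on its own. In a real deployment the HMAC secret would be an asymmetric signing key per verifier and the receiver would also check which chain and contract the message originated from.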

In those audited protocols the audits did cover code correctness, but attackers bypassed that coverage through business logic and operational processes.

On the other hand, AI's scanning scope isn't limited to new protocols. Web3 security company GoPlus Security points out that attackers are using AI technology to extensively mine vulnerabilities in historical contracts deployed years ago. On June 9th, a 7-year-old Ethereum contract, Token of Power, was attacked, losing about $1.5 million; on May 25th, a 3-year-old WUSD.fi contract was attacked, losing about $200,000; an old contract deployed 2 years ago for Aztec Network was attacked twice on June 14th and 18th, with combined losses exceeding $4 million. This suggests that the protective validity period of old audit reports may have already reached zero.

Just last month, Manuel Aráoz, co-founder of crypto security company OpenZeppelin, stated that he now believes "all DeFi is insecure" and has advised friends and family to exit all DeFi positions, including those in Aave, MakerDAO, and Compound. His reasoning is that AI programming agents' ability to find vulnerabilities has reached superhuman levels, while the structure of smart contract security is extremely asymmetric—defenders must patch every vulnerability, while attackers only need to find one effective entry point.

OpenZeppelin has provided audit services for Aave, Compound, Uniswap, Coinbase, and is one of the most important smart contract security infrastructure providers in the crypto industry. Such a statement carries unusual weight coming from him.

However, there is market debate on this. Aave ecosystem contributor Marc Zeller mentioned that in the past year, less than 10% of DeFi losses stemmed from code vulnerabilities, with the rest coming from misconfigured risk parameters, improper collateral management, and weak operational security. 0G Labs CEO Michael Heinrich also pointed out that DeFi lending security has improved by about 98% compared to the 2020 baseline.

The current issue is that the scope covered by code audits is becoming increasingly limited, while attackers' attack surface continues to expand. The old security framework can no longer provide a convincing answer.

II. Responses and Restructuring by Projects and Audit Firms

Although old audit standards show obvious cracks in the face of AI attacks, this does not mean audit demand will disappear. On the contrary, both project teams and audit companies will adjust according to the new reality.

Short-term: A Concentrated Release of Defensive Audit Demand

Many leading protocols that have already undergone audits are now under pressure to be re-audited according to new security standards of the AI era. Project teams are beginning to realize that with the continuous improvement of AI attack capabilities, the protection cycle of traditional audits is shortening.

The nature of this demand is defensive spending, not a signal of healthy industry growth. Security firm CertiK noted in its 2026 regulatory report that smart contract security audits are upgrading from an industry best practice to a regulatory entry requirement, becoming a necessary threshold for license approval and token listings.

In the short term, this defensive spending will generate some audit demand, but it is more of a passive investment by projects to reduce risk.

Long-term: Fundamental Divergence in Audit Companies' Business Models

Audit firms are also feeling the pressure. As attack-side AI tools continue to evolve, leading companies are accelerating the development of their own detection capabilities. Several major audit firms have launched AI-assisted audit systems between 2025 and 2026, using multi-model parallel analysis and automated detection to improve efficiency.

While efficiency improves, the traditional model faces compression. The commercial value of delivering a one-time audit report is declining. In the long run, firms that rely on point-in-time reports face the risk of shrinking business volume.

JPMorgan analysts explicitly stated that persistent DeFi security incidents are limiting the entry of major institutional investors. This is not just about market sentiment; it is a public challenge to the entire audit industry's reason for existing.

The smart contract audit platform Code4rena, known for its competitive audit model, recently announced its shutdown, with client and researcher resources transferred to Immunefi. This platform had raised $6 million from Paradigm in 2023 and was once seen as a strong complement to the traditional audit model, ceasing operations less than two years after being acquired.

Image Source: RootData

The DeFi lending protocol Radiant, after experiencing a hacker attack in October 2024, announced its entry into a shutdown phase after 18 months of unsuccessful efforts to recover funds. Ionic Protocol also announced an immediate halt to all operations due to the expanding impact of a security vulnerability.

However, change is not unidirectional. AI also demonstrates superhuman capabilities on the defense side—the question is who uses it first.

AI-native audit tool Firepan disclosed that during an independent audit of Curve Finance's new AMM contract in April 2026, it discovered a critical combinatorial vulnerability: each component was normal code in isolation, but under a specific combination of operations an attacker could bypass the donation protection mechanism and withdraw funds.

Curve had previously undergone multiple rounds of review by six independent audit firms and is considered one of the most heavily audited protocols in DeFi, yet this vulnerability remained hidden in the blind spot of manual audits.

Curve Finance founder Michael Egorov later commented that AI is indeed helpful for smart contract security. However, he also noted that AI's success in detecting vulnerabilities in browsers and the Linux kernel cannot be directly applied to smart contracts—smart contracts are usually only a few thousand lines of code, which humans and conventional AI can fully reason about. The real risks to be wary of come more from OpSec-level key leaks and supply chain attacks, rather than the code vulnerabilities themselves.

A similar case has emerged in the privacy coin space. Security engineer Taylor Hornby, commissioned by the non-profit Shielded Labs, used the Anthropic Opus 4.8 model to audit the Zcash protocol and discovered a critical vulnerability in the Zcash Orchard privacy pool that had gone undetected since 2022. Theoretically, it could allow an attacker to mint unlimited counterfeit ZEC that cannot be detected on-chain.

Zcash founder Zooko Wilcox publicly thanked Anthropic afterwards. Hornby also stated that he has added Monero (XMR) to the audit queue and will conduct security reviews on more privacy coin projects in the future.

It is reported that OpenZeppelin has launched the Skills system, providing AI programming agents with authoritative knowledge from its audited smart contract libraries, moving the defense line forward to the development stage.

This is the new direction traditional audit firms are forced to take—transitioning from post-hoc review to full-process embedding, from one-time delivery to continuous monitoring, formal verification, and real-time on-chain risk detection.

Conclusion

Overall, the security audit sector is transitioning from a growth model to a competitive one. AI accelerates both attack efficiency and defense system upgrades. This process not only affects the commercial form of audit companies but also requires the entire DeFi ecosystem to rethink how it approaches security investment.

For project teams, the era of "one audit, security for life" is over. Security is no longer just a pre-launch formality but an infrastructure requiring continuous investment.

For audit firms, passively keeping up with AI is no longer sufficient. Players that can more quickly complete a comprehensive restructuring from tools to service models are more likely to remain at the table in the next phase.

Related Q&A

Q: According to the article, what unexpected application of AI is first making a significant impact in the cryptocurrency space?

A: The article states that the first major and unexpected impact of AI in the crypto space is on security auditing, as AI tools drastically lower the cost and skill required to find vulnerabilities in smart contracts.

Q: What are the two main reasons why the old security audit model is becoming ineffective according to the analysis?

A: The two main reasons are: 1) Attackers using AI tools can now find and exploit vulnerabilities in minutes, while traditional audit reports are only valid for months, creating a critical structural gap. 2) AI can systematically scan and find vulnerabilities in even older, previously audited contracts, making old audit reports effectively obsolete.

Q: The article mentions that even audited top protocols can be hacked. What are some examples of vulnerabilities that bypassed code-focused audits?

A: Examples include social engineering attacks (e.g., Drift Protocol attackers infiltrating the team over 6 months to steal admin keys), infrastructure configuration flaws (e.g., KelpDAO's single validator node setup for a bridge), and attacks on historical contracts that were not actively monitored for years-old vulnerabilities.

Q: How is the business model of security audit companies expected to change in the long term due to AI's influence?

A: Audit companies are shifting from a model of delivering one-time reports to a model focused on continuous, embedded security. This includes offering real-time monitoring, formal verification, and chain-based risk detection, moving from a point-in-time service to a continuous service.

Q: What were two key vulnerabilities discovered in major protocols (Curve Finance and Zcash) using AI audit tools, as mentioned in the article?

A: 1) In Curve Finance's new AMM contract, AI discovered a combinatorial flaw where specific operation combinations could bypass donation protection and drain funds. 2) In Zcash's Orchard privacy pool, AI found a critical vulnerability, undetected since 2022, that theoretically allowed unlimited, undetectable minting of fake ZEC tokens.
