Key facts
- Blockchain security experts recommend continuous smart contract reauditing due to AI-driven vulnerability discovery.
- Hackers are increasingly exploiting codebases of defunct DeFi protocols, leading to substantial financial losses.
- In the first half of 2026, hackers stole $1.32 billion, employing advanced methods aided by AI tooling.
- A significant vulnerability in Zcash's Orchard shielded pool was identified by an AI auditing agent.
- Over $72.3 billion in crypto is locked across DeFi protocols, providing strong incentives for exploitation.
Blockchain security experts are advising cryptocurrency protocols to conduct continuous audits of their smart contracts, as advancements in artificial intelligence are significantly accelerating hackers' ability to discover vulnerabilities.
Ari Redbord, head of policy at TRM Labs, emphasized that current attack techniques are evolving faster than a single audit can cover, leaving protocols exposed to new threats. CertiK reported that hackers stole $1.32 billion in the first half of 2026, employing sophisticated strategies, including revisiting older codebases with improved automated tooling.
A recent incident involved Zcash, where a major security flaw in its Orchard shielded pool, present for four years, was identified by an AI-powered auditing agent. This bug could have allowed undetectable counterfeiting. CertiK warned that the window of vulnerability extends beyond a protocol's launch, making reauditing a recurring necessity.
Anthropic's research indicated that AI agents found $4.6 million in exploitable vulnerabilities in smart contracts. With over $72.3 billion in crypto locked across DeFi protocols, the incentive for hackers remains high.
Recent exploits include the theft of $2.1 million from the defunct Aztec Connect protocol and $300,000 from a smart contract on the decentralized exchange mySwap, even after its user interface had been inactive for months. In a more positive development, a white hat recovered over $1.72 million from the failed Hong Coin initial coin offering due to a bug in its auto-refund function.
Redbord also stressed that addressing these security issues requires more than just code hardening; it involves disrupting malicious actors, including those linked to North Korea and Chinese money laundering networks.