AI-Powered Hackers Steal $36.7M From Hidden Smart Contracts in 2026

Attackers stole $36.7 million from DeFi protocols over six months by exploiting unverified contracts
Major incidents occurred between January and May 2026, with the largest attack on Truebit on January 8
The exploited contracts were unverified; the flaws included an integer overflow in a contract deployed in 2021 and access-control weaknesses

More and more cybercriminals are hacking into cryptocurrency platforms, specifically targeting smart contracts whose code has never been published or thoroughly checked for weaknesses. They are taking advantage of flaws in that closed-source code and making off with millions of dollars.

Chainalysis, a blockchain analytics company, recently reported that attackers have stolen around $36.7 million from five popular decentralized finance (DeFi) platforms in the last six months. These thefts happened because the attackers found weaknesses in the platforms’ code, specifically in parts that hadn’t been made publicly available for review.

Recent advances in artificial intelligence and in smart-contract decompilation tools are making it easier for attackers to analyze deployed bytecode and find security flaws.

The four major exploits

Chainalysis identified four significant incidents involving unaudited or unverified smart contracts between January and May 2026. These incidents warrant closer attention because of the risks that such contracts carry.

On January 8th, Truebit suffered a major attack, losing around $26.2 million. Security researchers determined the attack happened because of a flaw in the way the protocol calculated prices, specifically an integer overflow vulnerability within its bonding curve system.

Several other hacks followed the same pattern: Trusted Volumes lost $5.9 million to an access-control flaw. In January, Aperture Finance lost $3.2 million to an input-validation weakness. And in May, Ekubo had $1.4 million stolen when a contract failed to properly verify who was making a payment.

In all incidents, the contracts that were exploited hadn’t been verified on blockchain explorers and their source code wasn’t publicly available. While this represents a relatively small amount of the over $1 billion stolen from DeFi platforms during this time, the pattern itself is concerning.

Truebit exploit highlights a growing threat

The Truebit attack has become one of the most notable examples of the trend.

Chainalysis reports that attackers exploited a security flaw in a contract deployed in 2021. The contract wasn’t verified on Etherscan, and the attackers took advantage of a bug in how prices were calculated. This allowed them to mint a large number of tokens at almost no cost, which they then swapped for ETH.
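To make the arithmetic concrete, here is an added Python model (not Truebit's code, whose source was never published) of a hypothetical linear bonding curve whose mint cost is computed with wrapping 256-bit arithmetic, as pre-0.8 Solidity or an `unchecked` block does, beside the checked version that reverts instead. The curve, slope and amounts are assumptions for illustration.

```python
# Added illustration of an integer-overflow bug in bonding-curve pricing.
# The curve, slope and numbers are hypothetical; nothing here is Truebit's code.
MASK = (1 << 256) - 1  # uint256 wraps modulo 2**256

def cost_unchecked(supply: int, amount: int, slope: int) -> int:
    """Wei cost to mint `amount` tokens on a linear curve, price = slope * supply.

    Integral from supply to supply+amount of slope*s ds
        = slope * (2*supply*amount + amount**2) / 2
    Every intermediate result is masked to 256 bits, mirroring pre-0.8 Solidity
    (or an `unchecked` block), where overflow wraps silently.
    """
    a = (2 * supply * amount) & MASK
    b = (amount * amount) & MASK          # amount >= 2**128 wraps here
    return ((slope * ((a + b) & MASK)) & MASK) // 2

def cost_checked(supply: int, amount: int, slope: int) -> int:
    """Same formula with Solidity >= 0.8 semantics: overflow reverts."""
    total = slope * (2 * supply * amount + amount * amount)
    if total > MASK:
        raise OverflowError("uint256 overflow: transaction would revert")
    return total // 2

def mint_is_underpriced(supply: int, amount: int, slope: int) -> bool:
    """True when the wrapping calculation charges less than the exact price.

    This is the invariant an auditor or a monitor wants to hold: the quoted
    cost must never be cheaper than the mathematically correct cost.
    """
    exact = slope * (2 * supply * amount + amount * amount) // 2
    return cost_unchecked(supply, amount, slope) < exact

if __name__ == "__main__":
    honest = cost_unchecked(0, 10, 1)           # 50 wei, both versions agree
    huge = 1 << 128                             # amount whose square is 2**256
    cheap = cost_unchecked(0, huge, 1)          # wraps to 0 wei for 2**128 tokens
    print(f"honest mint of 10 tokens: {honest} wei")
    print(f"wrapping mint of 2**128 tokens: {cheap} wei")
    try:
        cost_checked(0, huge, 1)
    except OverflowError as e:
        print(f"checked version: {e}")
```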

Investigators found evidence that the attacker had been carefully searching for weaknesses in various contracts before launching the large-scale, multi-million-dollar attack.

This wasn’t just a lucky break for the attacker; it looks like they were actively probing different platforms for weaknesses beforehand. They weren’t just stumbling into this – they were clearly testing the waters to see where they could strike with a bigger attack. As an investor, it’s concerning to see this level of preparation.

AI rewrites the economics of exploitation

Chainalysis suggests that advances in artificial intelligence are likely accelerating the discovery of vulnerabilities in smart contracts. Decompilation tools can now translate deployed contract bytecode into a more readable, Solidity-like form. This lets AI systems scan the code for common weakness classes, such as flaws in how contracts interact with each other, access-control problems in who may call certain functions, and simple arithmetic mistakes.

Security experts are seeing more evidence that hackers are creating automated systems to quickly examine many contracts at once. These systems help them find the most vulnerable contracts that could lead to the biggest financial gains.

The report shows that a process which used to take days of painstaking manual work can now be done faster and on a larger scale with some automated help.

Why attackers like unverified contracts

Although analyzing unverified contracts takes more work, they can also offer attackers major opportunities.

Unlike publicly verified contracts, closed-source systems are rarely reviewed by security experts or independent researchers. They also usually offer no bug bounty, so weaknesses are less likely to be found and fixed before someone exploits them.

As a result, attackers often face less competition when searching for exploitable flaws.

The report indicates that some security practices still rely on the outdated idea that keeping source code secret provides protection, even though current tooling is making this kind of security through obscurity less effective.

Recent exploits highlight broader security risks

Chainalysis’s recent discoveries follow a wave of significant security breaches in the crypto world, highlighting weaknesses in how smart contracts and bridges are built and operate.

This week, Humanity Protocol announced a security breach where attackers gained access to administrator keys for its bridge system. This allowed them to steal over $36 million worth of H tokens and create hundreds of millions more on the BNB Chain. As a result, the value of the H token dropped dramatically, losing about 80% of its worth.

As a crypto investor, I was pretty concerned to hear about the Syscoin bridge being temporarily shut down. Apparently, there was a bug that let someone create a huge number of fake SYS tokens – around 5 billion! Thankfully, the Syscoin team quickly fixed the problem and is working with exchanges to identify and freeze any of those unauthorized tokens. It’s good to see they acted fast to protect everyone.

Although different from the unverified smart contract hacks Chainalysis has pointed out, these events show that vulnerabilities in the technology behind smart contracts, in how bridges are checked for security, and in how systems are managed still pose major threats to the entire crypto world.

Chainalysis suggests that verifying the source code of protocols should be a basic security requirement, not just something extra that’s nice to have.

The report recommends verifying the source code of all deployed contracts, expanding the scope of bug bounty programs, auditing the code that is actually live rather than only the code in development, and setting up real-time on-chain monitoring to spot and respond to unusual activity before it causes significant financial harm.
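As an added example of the real-time monitoring the report recommends (illustrative code, not a Chainalysis or protocol tool), the Python below runs over constructed mint events and flags a mint whose tokens-per-wei rate is far above the recent baseline, which is the on-chain signature of the cheap-minting bug described above. The event format, field names and thresholds are assumptions.

```python
import json
import statistics

# Constructed sample events in JSON Lines form (not real chain data): a few
# normal bonding-curve mints, an unrelated swap, then an anomalous mint that
# creates 2**128 tokens for 1 wei, and finally a mint that paid nothing at all.
SAMPLE_EVENTS = """\
{"block": 1001, "tx": "0xa001", "event": "Mint", "tokens": 50, "wei_in": 50000}
{"block": 1002, "tx": "0xa002", "event": "Mint", "tokens": 40, "wei_in": 42000}
{"block": 1003, "tx": "0xa003", "event": "Mint", "tokens": 30, "wei_in": 33000}
{"block": 1004, "tx": "0xa004", "event": "Swap", "tokens": 30, "wei_in": 0}
{"block": 1005, "tx": "0xa005", "event": "Mint", "tokens": 25, "wei_in": 29000}
{"block": 1006, "tx": "0xa006", "event": "Mint", "tokens": 20, "wei_in": 24000}
{"block": 1007, "tx": "0xbad1", "event": "Mint", "tokens": 340282366920938463463374607431768211456, "wei_in": 1}
{"block": 1008, "tx": "0xa008", "event": "Mint", "tokens": 10, "wei_in": 13000}
{"block": 1009, "tx": "0xbad2", "event": "Mint", "tokens": 5, "wei_in": 0}
"""

def parse_events(text: str) -> list[dict]:
    """Parse JSON Lines into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect_anomalous_mints(events, window=5, min_history=3, factor=100.0):
    """Return (tx, reason) pairs for mints priced far below the recent baseline.

    Baseline = median tokens-per-wei over the last `window` accepted mints.
    Alerted mints are not added to the baseline, so one attack cannot drag
    the baseline up and mask the next one.
    """
    alerts, history = [], []
    for ev in events:
        if ev["event"] != "Mint":
            continue
        rate = ev["tokens"] / ev["wei_in"] if ev["wei_in"] > 0 else float("inf")
        if len(history) >= min_history:
            baseline = statistics.median(history[-window:])
            if rate > factor * baseline:
                ratio = "free" if rate == float("inf") else f"{rate / baseline:.0f}x"
                alerts.append((ev["tx"], f"mint rate {ratio} vs baseline in block {ev['block']}"))
                continue
        history.append(rate)
    return alerts

if __name__ == "__main__":
    for tx, reason in detect_anomalous_mints(parse_events(SAMPLE_EVENTS)):
        print(tx, reason)
```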

I’m starting to think that just keeping code closed-source won’t be enough to keep crypto projects secure. As AI gets better at analyzing code, it’s going to be easier to find vulnerabilities, even in hidden or ‘secret’ code. It’s making me reconsider how much I rely on projects that don’t prioritize transparency – ultimately, I need to know my funds are safe, and secrecy isn’t a guarantee anymore.


2026-06-10 11:01