Never would have imagined that the first application of AI x Crypto would be in security auditing.

链捕手
4 days ago
Author: Zhou, ChainCatcher

Data shows that as of June, DeFi TVL has fallen from about $115 billion at the beginning of the year to about $70 billion, a drop of 39%, declining almost every month.

Meanwhile, security incidents have added another layer of pressure to DeFi. Statistics show that since 2026, there have been 121 hacking incidents in the DeFi space, with total losses of about $942 million. Of these, 85 incidents erupted in the second quarter alone, resulting in losses of $775 million, making it the quarter with the highest frequency of attacks in this statistical period.

With the popularity of the new generation of AI tools, the cost and skill requirements for finding vulnerabilities in smart contracts have drastically decreased, and security audit companies have been forced to stand at the center of this change.

1. The AI transformation on the attack side: the old security defenses are becoming ineffective

The Collapse of Old Logic

Whenever the industry talks about the impact of AI on the cryptocurrency space, the first reaction is often quantitative trading, smart investment advice, and on-chain data analysis. But the reality is surprising to everyone: the first area that AI has penetrated is the business that was thought to be the most stable in the industry—security auditing.

Two to three years ago, security audit companies were seen by investment institutions as conservative targets to capitalize on the cryptocurrency industry’s dividends. The logic was simple and direct: as long as a new protocol goes live, it needs to be audited; the more prosperous the industry, the stronger the auditing demand; with high customer transaction prices, revenue is stable and does not depend on token price fluctuations.

Immunefi data shows that losses caused by hacking of DeFi protocols have decreased by 74% from the peak of $2.62 billion in 2022, down to about $680 million in 2025. The proportion of losses from cross-chain bridge attacks dropped dramatically from 73% in 2022 to 3% in 2025. The industry generally believes that the continuous maturity of security auditing is playing a role.

However, this judgment has gradually been challenged.

On June 9, Anthropic released its next-generation AI model Claude Mythos. A perspective quickly emerged in the market: the recent unusual rise in the frequency of attacks on major protocols may be associated with the continuous leap in the capabilities of cutting-edge AI models.

Simon Dedic, founder of Moonrock Capital, pointed out that with the proliferation of new-generation AI tools, the cost and skill requirements for finding vulnerabilities in smart contracts will decrease to nearly zero, and un-audited protocols will become targets, with known vulnerabilities being continuously exploited.

Data from Chainalysis confirms this trend: over the past six months, attacks specifically targeting contracts with undisclosed source code have caused losses of about $36.7 million. Attackers have used AI-assisted reverse engineering of the deployed bytecode to find vulnerabilities, and large language models are now capable of identifying vulnerability patterns at scale, systematically scanning thousands of contracts; protocols such as Truebit, Aperture Finance and Ekubo were among those hit.

The entire process from discovery to execution for attackers is being compressed to a matter of minutes. The validity period of traditional audit reports is measured in months, and this time difference represents the most fatal structural gap in the old audit model.

Audited, but still hacked?

The main targets of hacks are no longer small second- and third-tier protocols. Drift Protocol is a major perpetual contract platform on Solana, with its smart contracts audited multiple times by well-known security agencies. However, an investigation by security agency TRM Labs revealed that attackers had infiltrated Drift's team members through six months of social engineering, ultimately obtaining privileged admin keys.

KelpDAO faced a similar situation. Attackers exploited a single-verifier (single validation node) configuration weakness in the LayerZero cross-chain bridge, forged deposits, and minted uncollateralized tokens, stealing $293 million in just 46 minutes. It was later discovered that a multi-verifier configuration had been recommended earlier but not adopted. The contract passed its audit, but a flaw in the infrastructure configuration led to the losses.

In these cases the audits covered code correctness, but attackers bypassed them at the level of business logic and operational processes.

On the other hand, AI has also shown superhuman abilities on the defense side—the question is who will use it first.

AI-native auditing tool Firepan disclosed that it independently audited the new AMM contract of Curve Finance in April 2026 and discovered a critical combinatorial vulnerability: each individual component looked like normal code, but under a specific combination of operations an attacker could bypass the donation protection mechanism and withdraw funds.

Curve had already undergone multiple rounds of scrutiny by six independent auditing firms and was recognized as one of the protocols with the highest auditing intensity in DeFi, yet this vulnerability still lurked in the blind spots of human audits.

Michael Egorov, founder of Curve Finance, later commented that AI does indeed help in smart contract security. However, he also pointed out that the successes of AI in detecting vulnerabilities in browsers and Linux kernels cannot be directly applied to smart contracts—smart contracts typically contain only a few thousand lines of code, allowing humans and conventional AI to reason adequately; the real risks that need to be guarded against are more related to OpSec-level key leaks and supply chain attacks, rather than the code vulnerabilities themselves.

Similar cases have also appeared in the privacy coin sector. Security engineer Taylor Hornby, commissioned by the non-profit organization Shielded Labs, used the Anthropic Opus 4.8 model to audit the Zcash protocol and found a critical vulnerability in the Zcash Orchard privacy pool that had gone unnoticed since 2022, theoretically allowing attackers to infinitely mint undetectable fake ZEC.

Zcash founder Zooko Wilcox publicly thanked Anthropic afterward. Hornby also stated that he has added Monero (XMR) to the audit queue and will conduct security reviews on more privacy coin projects in the future.

It is reported that OpenZeppelin has launched a Skills system, providing authoritative knowledge of audited smart contract libraries to AI programming agents, moving the defense line forward to the development stage.

This marks a new direction that traditional auditing companies are being forced to take, transitioning from post-audit reviews to full integration, from one-time deliveries to continuous monitoring, formal verification, and real-time risk detection on-chain.

Conclusion

Overall, the security audit track is undergoing a transformation from a dividend model to a competitive model. AI has accelerated attack efficiency and promoted the upgrade of defensive systems. This process not only affects the business forms of audit companies but also requires the entire DeFi ecosystem to rethink the way security investments are made.

For project parties, the era of a one-time audit providing lifelong peace of mind is over. Security is no longer just a procedure before going live, but a foundational infrastructure that requires continuous investment.

For auditing agencies, passively trailing AI is no longer enough. Players who can quickly complete the comprehensive transition from tool to service model are more likely to stay at the table in the next phase.

