TLDR: LONDON—Chainalysis links AI-assisted exploit development to at least $36.7 million stolen from DeFi protocols running unverified smart contracts in six months. LLMs speed up decompiling and vulnerability triage, widening attacker reach while defenders lag.
Key Takeaways:
- DeFi teams sometimes keep contracts unverified on block explorers, assuming hidden code deters reverse engineering and lowers exploit risk.
- Chainalysis reports that attackers abused unverified contracts, including Truebit, which was drained of $26.2 million on Jan. 8 after an integer overflow in an unverified bonding curve.
- Faster decompilers and LLM triage create a structural gap: attackers cover more ground than monitoring teams, and bug bounties often miss unverified code.
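To make the bonding-curve overflow concrete, here is an added example (not code from the Chainalysis report or from Truebit, whose formula is not on the page): a toy linear bonding curve priced in EVM uint256 arithmetic, computed once with wrapping semantics (pre-0.8 Solidity without SafeMath) and once with checked semantics (Solidity 0.8+). The curve, its parameters and the `overflow_probe` helper are constructed for illustration; the point is that the two implementations agree on ordinary inputs and diverge exactly at the boundary a reviewer or an automated triage pass should test.

```python
# Added example, not the exploited contract's code. A linear bonding curve
# (price = slope * supply) evaluated in uint256 arithmetic, with a switch
# between EVM wrapping semantics and Solidity 0.8-style checked semantics.

UINT256_MAX = 2**256 - 1


class ArithmeticError256(Exception):
    """Raised by the checked arithmetic when a uint256 result would overflow or underflow."""


def _wrap(x):
    # EVM semantics: every result is reduced modulo 2**256 (two's complement for negatives)
    return x & UINT256_MAX


def _check(x):
    # Solidity >= 0.8 / SafeMath semantics: revert instead of wrapping
    if x < 0 or x > UINT256_MAX:
        raise ArithmeticError256(f"uint256 out of range: {x}")
    return x


def mint_cost(supply, amount, slope, checked):
    """Cost to mint `amount` tokens when `supply` already exist.

    Integrating price = slope * s from supply to supply + amount gives
    slope * ((supply + amount)^2 - supply^2) / 2. Every intermediate value is
    forced through either wrapping or checked uint256 arithmetic, mirroring
    how the same Solidity expression behaves under the two compiler regimes.
    """
    op = _check if checked else _wrap
    new_supply = op(supply + amount)
    hi = op(op(new_supply * new_supply) * slope)
    lo = op(op(supply * supply) * slope)
    return op(hi - lo) // 2


def overflow_probe(supply, amount, slope):
    """Defender-side regression check (constructed helper).

    Returns (wrapping_cost, checked_cost); checked_cost is None where the
    hardened contract would revert. Any input on which the two disagree is
    a finding: the wrapping contract accepts a mint the checked one refuses.
    """
    wrapping = mint_cost(supply, amount, slope, checked=False)
    try:
        checked = mint_cost(supply, amount, slope, checked=True)
    except ArithmeticError256:
        checked = None
    return wrapping, checked


if __name__ == "__main__":
    # Ordinary mint: both regimes agree.
    print(overflow_probe(supply=10, amount=5, slope=2))
    # Boundary: (2**128)**2 wraps to 0, so the unchecked curve prices a
    # 2**128-token mint at zero; the checked curve reverts (None).
    print(overflow_probe(supply=0, amount=2**128, slope=1))
```

Running the probe over boundary inputs (powers of two near 2**128, maximal supply, zero slope) is the kind of check that becomes possible only once the source is available for review, which is why verification is the control that unlocks the rest.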
When DeFi hides code to stay safe, AI turns that secrecy into a checklist. The result is less cloak and dagger, more assembly line damage.
Q&A
If unverified contracts become predictable targets, what security control should move first: verification, monitoring, or incentives?
Verification should come first because it enables broad review and consistent monitoring signals. Next, expand real-time on-chain monitoring and bug bounty scope so that vulnerabilities in newly verified or still-unverified deployments do not fall into a blind spot.
Why do defenders lose even when they catch exploits, not just miss them?
They lose on coverage and time. AI pipelines scan far more contracts than human teams can review, so defenders may respond after attacks have already shifted to the next tranche of targets.
What happens to attacker behavior if protocols verify code quickly after deployment but allow short windows of unverified publishing?
Attackers will likely focus on the window. Even brief unverified periods become high value because pipelines can triage exploitability before verification closes the gap.
How might bug bounty programs need to change if decompilers now convert bytecode into readable Solidity?
Programs should include unverified contracts immediately or offer fast eligibility for contracts under active incident response. Otherwise, researchers are blocked from reviewing the very artifacts that LLM pipelines turn into work orders.
Could the same AI capabilities used for exploitation help defenders build better defenses, and what would a credible test look like?
Yes, because LLMs can flag reentrancy, access-control gaps, and arithmetic errors once code is available. A credible test would pair automated LLM triage with independent human verification and measure whether the issues found translate into fewer real-world exploits over time.