Attackers have siphoned at least $36.7 million from protocols running unverified smart contracts over the past six months, according to a new Chainalysis report shared this week. "Unverified" here means the deployer never published source code that a block explorer could match against the on-chain bytecode, so only the raw bytecode is public. The firm ties the surge directly to AI-assisted exploit development, specifically large language models (LLMs) that analyze decompiled bytecode at scale. The findings paint a grim picture for DeFi teams that skip contract verification: they are not just missing out on transparency; they are leaving the door open to automated, AI-driven attacks.
How the attacks work
Chainalysis outlines a pipeline that starts with decompilers like Dedaub, Heimdall, and Panoramix, tools that lift raw EVM bytecode back into Solidity-like pseudocode (not the original source, but close enough to read). That pseudocode then gets fed into an LLM, which flags reentrancy bugs, access control gaps, and arithmetic errors. The process is automated, allowing attackers to scan thousands of unverified contracts, triage them by estimated exploitability and potential yield, then strike. The key point for defenders is that bytecode is public the moment a contract is deployed, so withholding source does not hide anything from an attacker with a decompiler. It only hides the code from white-hat researchers, and unverified contracts are often excluded from bug bounty programs as well, making them prime, low-risk targets.
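The first stage of that pipeline, recovering what an unverified contract exposes from nothing but its bytecode, is easy to see in code. The following is an added example, not code from Chainalysis or from any of the decompilers named above: a minimal EVM disassembler that walks a constructed runtime bytecode, recovers the function selectors from the dispatcher pattern the Solidity compiler emits (DUP1 PUSH4 selector EQ PUSH2 dest JUMPI), and resolves them against a small, hand-written selector table. The bytecode, the selector table and the unknown selector 0xdeadbeef are all constructed for the example; a real scan would use a full 4-byte signature database and hand unresolved selectors to a decompiler. A naive byte-pattern scan is included for contrast, because it misreads PUSH immediates and invents selectors that are not there.

```python
"""Recover function selectors from raw EVM runtime bytecode.

Added example (not Chainalysis's or any decompiler's code). Bytecode and the
selector table are constructed by hand to mimic a Solidity dispatcher.
"""

OP_EQ = 0x14
OP_PUSH1, OP_PUSH4, OP_PUSH32 = 0x60, 0x63, 0x7F

# Abbreviated lookup table, constructed for the example. A selector is the
# first four bytes of keccak256(signature); a real scan uses a 4-byte database.
KNOWN_SELECTORS = {
    0xA9059CBB: "transfer(address,uint256)",
    0x70A08231: "balanceOf(address)",
    0x095EA7B3: "approve(address,uint256)",
    0x2E1A7D4D: "withdraw(uint256)",
    0x8DA5CB5B: "owner()",
}

# Constructed runtime bytecode shaped like a compiled Solidity dispatcher.
SAMPLE_RUNTIME = bytes.fromhex(
    "6080604052"                 # PUSH1 0x80 PUSH1 0x40 MSTORE (free-memory pointer)
    "600035"                     # PUSH1 0x00 CALLDATALOAD
    "60e01c"                     # PUSH1 0xe0 SHR -> selector on top of stack
    "8063a9059cbb1461004057"     # DUP1 PUSH4 a9059cbb EQ PUSH2 0x0040 JUMPI  transfer
    "806370a082311461005057"     # same pattern: balanceOf
    "80632e1a7d4d1461006057"     # same pattern: withdraw
    "8063deadbeef1461007057"     # same pattern: selector absent from the table
    "600080fd"                   # PUSH1 0x00 DUP1 REVERT (no selector matched)
    "5b"                         # JUMPDEST (function bodies would follow here)
    "61631460000014"             # PUSH2 0x6314 PUSH1 0x00 STOP EQ: a trap for naive byte scans
)


def disassemble(code: bytes):
    """Return (pc, opcode, immediate) tuples; immediate is None for non-PUSH ops.

    Bytes consumed by a PUSH are skipped, so data never gets misread as code.
    """
    ops, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if OP_PUSH1 <= op <= OP_PUSH32:
            n = op - OP_PUSH1 + 1
            ops.append((pc, op, int.from_bytes(code[pc + 1:pc + 1 + n], "big")))
            pc += 1 + n
        else:
            ops.append((pc, op, None))
            pc += 1
    return ops


def extract_selectors(code: bytes):
    """Selectors are the PUSH4 immediates that are immediately compared with EQ."""
    ops = disassemble(code)
    return [imm for (_, op, imm), (_, nxt, _) in zip(ops, ops[1:])
            if op == OP_PUSH4 and nxt == OP_EQ]


def naive_scan(code: bytes):
    """A regex-style scan of raw bytes for 63 xxxxxxxx 14. It also matches inside
    PUSH immediates and so reports selectors the contract does not have."""
    return [int.from_bytes(code[i + 1:i + 5], "big")
            for i in range(len(code) - 5)
            if code[i] == OP_PUSH4 and code[i + 5] == OP_EQ]


def triage(code: bytes):
    """Map each recovered selector to a known signature or flag it for decompilation."""
    return {f"0x{s:08x}": KNOWN_SELECTORS.get(s, "<unknown: needs decompiler>")
            for s in extract_selectors(code)}


if __name__ == "__main__":
    for selector, name in triage(SAMPLE_RUNTIME).items():
        print(selector, name)
    print("naive scan:", [f"0x{s:08x}" for s in naive_scan(SAMPLE_RUNTIME)])
```

The disassembler reports exactly the four selectors in the dispatcher, while the naive scan adds a fifth one (0x14600000) that is really a PUSH2 immediate followed by unrelated bytes. Attackers scanning thousands of contracts make the same trade-off: cheap heuristics to shortlist, a real decompiler plus an LLM only for the contracts whose selectors (here, `withdraw(uint256)` next to something unknown) look worth the compute.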
The Truebit case
The biggest single incident was the Truebit hack on January 8, which drained $26.2 million through an integer overflow in its bonding curve. The contract had been deployed on Ethereum but never verified; it had been sitting unverified since 2021. The same address that exploited Truebit had already hit a far smaller target twelve days earlier, draining Sparkle protocol for 5 ETH. Proceeds from both exploits were laundered through Tornado Cash. Chainalysis does not name the attacker, but the pattern suggests a single operator or group testing its tooling on a low-value protocol before going after the big one.
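The report gives the bug class but not Truebit's code, so the following is an added illustration of how an integer overflow in a bonding curve turns into a free purchase. It is a constructed toy, not Truebit's contract or formula: a linear curve in which token number n costs base_price times n wei, with a batch purchase quoted at the pre-purchase spot price. The `checked` flag models the difference between Solidity before 0.8 (or an `unchecked` block), where multiplication wraps modulo 2^256, and Solidity 0.8 and later, where the same multiplication reverts. All amounts and prices are constructed for the example.

```python
"""Toy bonding curve showing a uint256 overflow in the purchase cost.

Added example (constructed; not Truebit's code or pricing formula).
"""

MOD = 1 << 256
UINT256_MAX = MOD - 1


class Overflow(Exception):
    """Stands in for the revert that Solidity >= 0.8 checked arithmetic raises."""


def mul(a: int, b: int, checked: bool) -> int:
    """uint256 multiplication: wraps when unchecked, reverts when checked."""
    r = a * b
    if checked and r > UINT256_MAX:
        raise Overflow(f"mul overflow: {a} * {b}")
    return r % MOD


def add(a: int, b: int, checked: bool) -> int:
    """uint256 addition with the same two behaviours."""
    r = a + b
    if checked and r > UINT256_MAX:
        raise Overflow(f"add overflow: {a} + {b}")
    return r % MOD


def spot_price(supply: int, base_price: int, checked: bool) -> int:
    """Linear curve: the next token (number supply + 1) costs base_price * (supply + 1)."""
    return mul(base_price, add(supply, 1, checked), checked)


def purchase_cost(supply: int, amount: int, base_price: int, checked: bool) -> int:
    """Cost of buying `amount` tokens, all quoted at the current spot price."""
    return mul(spot_price(supply, base_price, checked), amount, checked)


def overflow_amount(price: int) -> int:
    """Smallest amount whose cost wraps past 2**256 and lands below one token's price.

    price * (MOD // price + 1) == MOD + (price - MOD % price), so modulo MOD the
    cost is price - (MOD % price), which is strictly less than price.
    """
    return MOD // price + 1


def attacker_quote(supply: int, base_price: int):
    """Return (amount, wrapped_cost, stopped_by_checked_math) for the overflow purchase."""
    amount = overflow_amount(spot_price(supply, base_price, checked=False))
    wrapped_cost = purchase_cost(supply, amount, base_price, checked=False)
    try:
        purchase_cost(supply, amount, base_price, checked=True)
        stopped = False
    except Overflow:
        stopped = True
    return amount, wrapped_cost, stopped


if __name__ == "__main__":
    ONE_ETH = 10 ** 18  # constructed base price: first token costs 1 ETH
    print("honest buy of 3 tokens:", purchase_cost(0, 3, ONE_ETH, checked=True), "wei")
    amount, cost, stopped = attacker_quote(0, ONE_ETH)
    print(f"unchecked: {amount} tokens for {cost} wei (< 1 ETH)")
    print("checked arithmetic reverts:", stopped)
```

The unchecked path sells roughly 1.16e59 tokens for less than the price of one, because the product overflows and only the low 256 bits survive. The checked path raises before any state changes. The practical takeaways are the ones an auditor would look for in decompiled output: compiler version below 0.8, explicit `unchecked` blocks, and any multiplication of a caller-controlled amount by a price without a SafeMath-style bound.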
What Anthropic found
Anthropic's own research, cited in the report, found that AI can carry out advanced steps of an attack on behalf of low-skilled operators, raising the overall threat level. In separate demonstrations, Anthropic showed AI agents autonomously exploiting smart contracts for millions of dollars, including contracts deployed after the models' knowledge cutoff. Security experts have warned that AI agents are now outpacing human auditors across DeFi, and Chainalysis expects the trend to accelerate as decompilation tools improve.
What protocols should do
Chainalysis is urging every protocol to verify all deployed code. It is the first and cheapest line of defense: verification costs nothing but a source upload, and it puts defenders on the same footing as attackers, who can already read the bytecode. The firm also recommends extending bug bounty scope to cover unverified contracts and adopting real-time on-chain monitoring. The clock is ticking: the same decompilation and LLM tooling that researchers use for good can be repurposed by attackers. The question now is how many more unverified contracts are sitting out there, waiting to be scanned.
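The first recommendation is easy to automate: a protocol can inventory every address it has deployed and fail a CI job if any of them is still unverified. The following is an added example, not Chainalysis's tooling. It assumes the response shape of Etherscan's `getsourcecode` endpoint (`module=contract&action=getsourcecode`), where an unverified contract comes back with an empty `SourceCode` field and the ABI string "Contract source code not verified"; check that shape against the API version you use, since the endpoint and base URL have changed over time. The live lookup is included for completeness, but the check itself takes a fetcher callable so the example runs offline against constructed responses; the three addresses below are placeholders.

```python
"""Inventory check: which of a protocol's deployed contracts are unverified?

Added example (not Chainalysis's or Etherscan's code). The response shape is
assumed from Etherscan's getsourcecode endpoint; responses below are constructed.
"""
import json
from urllib.parse import urlencode
from urllib.request import urlopen

ETHERSCAN_API = "https://api.etherscan.io/api"  # assumption: v1-style endpoint

# Placeholder addresses and constructed responses shaped like Etherscan's.
VERIFIED_ADDR = "0x" + "1" * 40
UNVERIFIED_ADDR = "0x" + "2" * 40
BAD_ADDR = "0x" + "3" * 40
SAMPLE_RESPONSES = {
    VERIFIED_ADDR: {"status": "1", "message": "OK", "result": [{
        "SourceCode": "pragma solidity ^0.8.20; contract Vault {}",
        "ABI": "[]", "ContractName": "Vault", "CompilerVersion": "v0.8.20+commit.a1b79de6"}]},
    UNVERIFIED_ADDR: {"status": "1", "message": "OK", "result": [{
        "SourceCode": "", "ABI": "Contract source code not verified",
        "ContractName": "", "CompilerVersion": ""}]},
    BAD_ADDR: {"status": "0", "message": "NOTOK", "result": "Invalid Address format"},
}


def fetch_sourcecode(address: str, api_key: str, api: str = ETHERSCAN_API) -> dict:
    """Live lookup; not exercised offline. Returns the decoded JSON body."""
    query = urlencode({"module": "contract", "action": "getsourcecode",
                       "address": address, "apikey": api_key})
    with urlopen(f"{api}?{query}", timeout=10) as resp:
        return json.load(resp)


def verification_status(payload: dict) -> str:
    """Classify one getsourcecode response as 'verified', 'unverified' or 'error'.

    An API error is reported as its own state rather than silently treated as
    verified, so a bad key or rate limit cannot make the check pass.
    """
    result = payload.get("result")
    if payload.get("status") != "1" or not isinstance(result, list) or not result:
        return "error"
    return "verified" if result[0].get("SourceCode") else "unverified"


def inventory(addresses, fetcher) -> dict:
    """Return every address that is not verified, with its status.

    `fetcher` maps an address to a response dict; in CI it would be
    lambda a: fetch_sourcecode(a, API_KEY), here it reads constructed data.
    """
    report = {addr: verification_status(fetcher(addr)) for addr in addresses}
    return {addr: status for addr, status in report.items() if status != "verified"}


if __name__ == "__main__":
    needs_attention = inventory(SAMPLE_RESPONSES, SAMPLE_RESPONSES.__getitem__)
    for addr, status in needs_attention.items():
        print(f"{addr}: {status}")
    raise SystemExit(1 if needs_attention else 0)  # non-zero exit fails a CI job
```

Run it as a post-deployment gate so an address cannot sit unverified for years, as Truebit's did. The same loop is a reasonable seed for the monitoring the report recommends: the set of addresses it checks is exactly the set that should be watched on-chain.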