>>
Technology>>
Blockchain>>
AI Is Speeding Up Both Hacks a...Security experts are warning that AI tools are dramatically accelerating the discovery of smart contract vulnerabilities, shortening the "shelf life" of one-time audits and forcing DeFi protocols to adopt continuous security monitoring as hackers return to old codebases with improved automated tools.
The window of vulnerability is shrinking. And the tool that is shrinking it is the same one that is supposed to make code safer: artificial intelligence.
Security experts are urging crypto protocols to reaudit their smart contracts continuously as AI-powered tools enable hackers to identify vulnerabilities faster than ever before. According to TRM Labs head of policy Ari Redbord, attack techniques are evolving faster than a single audit can account for.
"An audit built for last year's attack patterns leaves a protocol exposed to this year's as bad actors are changing up," Redbord told Cointelegraph. "Our data argues for continuous review rather than a one-time audit."
$1.32 Billion Lost in First Half of 2026
CertiK reported that hackers stole $1.32 billion across 344 incidents in the first half of 2026, with code vulnerabilities accounting for 204 cases totaling $151.6 million. But the most significant damage came from infrastructure and operational compromises key compromises, signature failures, and fund management system attacks accounted for only 15 per cent of incidents but approximately 76 per cent of stolen assets.
"The window of maximum vulnerability does not close after launch," CertiK warned. "Projects operating legacy infrastructure should treat reauditing as a recurring operational requirement rather than a one-time exercise conducted at deployment."
Old Codebases, New Threats
One of the most concerning trends is attackers returning to old or even shut-down protocols. In June, hackers exploited a smart contract vulnerability to steal $2.1 million from Aztec Connect a project that had been shut down since March 2023. Five days later, my Swap DEX lost $300,000, even though it had not accepted new liquidity for more than six months.
CertiK noted these attacks are likely being aided by improved automated tools for finding hidden vulnerabilities across large codebases, making it easier to identify latent flaws in projects that have lost their development teams and auditor attention.
The Zcash Wake-Up Call
A critical vulnerability in Zcash's Orchard shielded pool existed for four years before it was discovered by Shielded Labs security engineer Taylor Hornby using a custom auditing agent built on Anthropic's Claude Opus 4.8. The flaw could have enabled undetectable counterfeiting inside the pool. The bug was patched, but the example shows that even thoroughly vetted code with a long history can contain hidden vulnerabilities.
AI Agents Found $4.6 Million in Vulnerabilities
In December, Anthropic published research showing AI agents successfully modeled exploits worth $4.6 million from real hacked contracts. On the SCONE-bench benchmark, agents tested 405 contracts that were actually hacked between 2020 and 2025. On vulnerabilities discovered after the model's knowledge cutoff date, the success rate jumped from 2 per cent to 55.88 per cent over a year. The average cost of a full vulnerability scan per contract was estimated at just $1.22.
Defenders Are Outgunned
CertiK CEO Ronghui Gu told The Block that AI tools are "an unfair game" because attackers can pour computing resources into probing a single protocol while security firms must spread resources across dozens of clients. Gu noted that as smart contract auditing standards improve, hackers are increasingly shifting to supply-chain and operational security vulnerabilities instead of code flaws.
The April attacks on Drift Protocol ($280 million) and Kelp DAO ($292 million) involved infrastructure and governance failures rather than smart contract bugs. The Kelp DAO exploit, which compromised a LayerZero validator setup and routed assets through Aave, triggered a controversial freeze of $72 million in assets now tied up in legal disputes.
Here is the question this threat landscape raises. AI tools can scan a smart contract for vulnerabilities at $1.22 per scan and find exploit patterns that existed for four years. When hackers can return to old codebases with AI-powered tools and defenders are still relying on one-time audits, is the industry's security model fundamentally broken?
As AI accelerates both hacks and hunts for smart contract bugs, The Silicon Review asks a final question. When the same tool that helps auditors find vulnerabilities can also help attackers exploit them, who is really winning the race?
FAQ:
Q: How is AI changing smart contract security?
A: AI is accelerating both sides of the security equation. Attackers are using AI-powered tools to find vulnerabilities faster, while defenders are using AI agents to audit code and identify exploits. The "shelf life" of a one-time audit is shrinking as AI enables faster discovery of vulnerabilities in old and new codebases.
Q: How much was stolen from DeFi protocols in the first half of 2026?
A: CertiK reported $1.32 billion stolen across 344 incidents in the first half of 2026.
Q: What is a smart contract audit?
A: A smart contract audit is a comprehensive code review by cybersecurity professionals designed to identify vulnerabilities, security risks, and logic flaws before deployment. Audits typically examine reentrancy, access control errors, arithmetic errors, and flawed business logic.
Q: Why is continuous auditing becoming necessary for smart contracts?
A: Attack techniques are evolving faster than one-time audits can account for. AI tools can scan for vulnerabilities at low cost, and attackers are returning to old or inactive codebases that may have been audited years ago but have not been rechecked.
Q: Are closed or inactive crypto protocols still at risk?
A: Yes, even projects that have ceased operations remain at risk. Both Aztec Connect (closed since March 2023) and mySwap (inactive for over six months) were hacked within days of each other in June 2026.
Comments