The state of play
"In the rapidly evolving world of decentralised finance (DeFi) and web3, where billions of dollars pour through smart contracts and decentralised apps (dApps) daily, security should be the bedrock priority. Yet for an industry espousing transparency and trustless systems, the blockchain space has a glaring vulnerability – outdated, siloed security audits."
My opening statement, made two years ago, outlined a vision for a future in which the blockchain security crisis would be addressed.
Nothing and everything has changed.
The rise of AI
What’s most striking is how little has changed. Artificial intelligence is now commonplace in Web3 security tooling, yet that very tooling has also accelerated the capabilities of attackers.
The gains, however, are deeply asymmetrical, and they favour the hackers.
For auditors, AI is a productivity tool: it helps teams move faster within a fixed scope, at a fixed moment in time. They get one shot.
For attackers, there is no such constraint. AI allows continuous, automated scanning across every deployed protocol on the network, around the clock, indefinitely, at a fraction of the cost of a skilled exploit developer.
It has lowered the barrier to entry for unsophisticated actors while making sophisticated ones exponentially more dangerous.
The asymmetry runs deeper than speed. Auditors must find every vulnerability; attackers only need to find one. AI amplifies that imbalance: a missed edge case that once took weeks to discover can now be surfaced in minutes.
The economics compound this further.
A successful exploit can yield hundreds of millions in a single transaction with uncapped upside. The auditor earns a flat fee. The incentive to invest in offensive tooling vastly outweighs the incentive to invest in defence.
The result is a security ecosystem that has become more technologically advanced and more dangerous at exactly the same time.
AI has well and truly arrived in Web3 security, but in real-world terms the net effect has been close to zero: every tool that has come out to aid auditors has sped up attackers at the same or a greater rate.
Now, in 2026, two years on, I am amazed that nothing has really changed.
The state of play has remained the same
The playing field remains uneven. Billions of dollars flow daily through smart contracts and dApps, but the bedrock of trust (real security) is still missing. For an industry built on transparency and trustlessness, blockchain's greatest vulnerability remains its reliance on static, siloed security audits.
Why audits alone aren’t enough
Traditional software audits review source code at a single moment in time, identify vulnerabilities, and certify the code as "secure" at that point. In web2 that approach largely suffices because applications change slowly. In decentralised finance (DeFi) it breaks down: protocols are composable and constantly updated. One protocol integrates another, which itself may depend on multiple layers of code, and a single upgrade anywhere in that stack can invalidate an entire audit. The static snapshot quickly becomes irrelevant as developers ship new code and new real-world edge cases emerge, and the cascading layers of risk that composability creates are never re-examined. Audits were not designed for software that is modular, continuously deployed and interacting with unknown third parties.
Recent High-Profile Hacks
The need for continuous protection became painfully clear in 2025. While the number of security incidents fell by about 50% compared with 2024, the damage from those incidents grew far worse: losses climbed 55% to over US$3.4 billion. It doesn't look like it will get better this year.
The following are merely the latest from 2026, and April isn't over yet.
- Drift Protocol – $285M – Social engineering + governance exploit
- Fake Ledger Live App – $9.5M – Phishing (fake App Store app)
- LML Staking Protocol – $950K – Flash loan/TWAP manipulation
- Silo Finance – $359K – Vault inflation/oracle exploit
- Hyperbridge – $2.5M – Smart contract bug (missing boundary validation)
- EIP-7702 Victim – ~$17.2K – Missing access control in delegated code
- SAS Token – ~$12K – Smart contract exploit
Off-chain attacks also proliferated. Social-engineering campaigns using AI voice clones and sophisticated phishing targeted individual whales. One attack in 2025 stole 3,520 BTC (≈US$330 million) from a long-dormant wallet by coaxing the owner into signing a fake "security verification".
Collectively, these incidents show that modern attackers prefer quality over quantity: fewer hacks, but each far more damaging. By June 2025, stolen value year-to-date already exceeded US$2.17 billion, more than all of 2024, and projections suggested the total could surpass US$4 billion by year's end.
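Two of the entries in the list above, the vault inflation at Silo Finance and the flash-loan/TWAP manipulation at LML, are instances of well-known share-accounting and oracle patterns. The following Python model is added for this post and is not the code of any protocol named above: it walks through the generic share-inflation ("first depositor") attack on a naive ERC-4626-style vault and shows why a virtual-shares offset (the mitigation OpenZeppelin's ERC4626 implementation uses) makes it unprofitable. The amounts, account names and attacker strategy are constructed; the post gives no details of the real incident and none are assumed here.

```python
"""Share-inflation ("first depositor") attack on a tokenised vault, and the
virtual-shares mitigation. Added illustration for this post: a generic model of
ERC-4626-style share maths in integer arithmetic, not the code of Silo Finance
or any other protocol. Amounts are integer base units (wei)."""


class Vault:
    """Minimal vault. hardened=False uses the naive share formula; hardened=True
    prices shares as if 10**OFFSET virtual shares and 1 virtual asset unit
    always existed (OpenZeppelin's ERC4626 decimals-offset mitigation)."""

    OFFSET = 6

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.total_assets = 0            # what the vault believes it holds
        self.total_shares = 0
        self.balances: dict[str, int] = {}

    @property
    def _virtual(self) -> int:
        return 10 ** self.OFFSET if self.hardened else 0

    def convert_to_shares(self, assets: int) -> int:
        if not self.hardened:
            # naive: 1:1 on the first deposit, pro rata afterwards (rounds down)
            if self.total_shares == 0:
                return assets
            return assets * self.total_shares // self.total_assets
        return assets * (self.total_shares + self._virtual) // (self.total_assets + 1)

    def convert_to_assets(self, shares: int) -> int:
        if not self.hardened:
            return shares * self.total_assets // self.total_shares
        return shares * (self.total_assets + 1) // (self.total_shares + self._virtual)

    def deposit(self, who: str, assets: int) -> int:
        minted = self.convert_to_shares(assets)
        self.total_assets += assets
        self.total_shares += minted
        self.balances[who] = self.balances.get(who, 0) + minted
        return minted

    def donate(self, assets: int) -> None:
        # A direct ERC-20 transfer to the vault address raises totalAssets()
        # without minting shares. This is the attacker's lever.
        self.total_assets += assets

    def redeem(self, who: str) -> int:
        shares = self.balances.pop(who, 0)
        if shares == 0:
            return 0
        assets = self.convert_to_assets(shares)
        self.total_shares -= shares
        self.total_assets -= assets
        return assets


def run_attack(hardened: bool, victim_deposit: int = 10**22) -> tuple[int, int]:
    """Attacker front-runs the first real deposit: 1 wei deposit, then a
    donation equal to the victim's deposit. Returns (attacker_profit,
    assets_the_victim_can_withdraw). Constructed scenario."""
    v = Vault(hardened)
    v.deposit("attacker", 1)
    v.donate(victim_deposit)                # attacker's total outlay: victim_deposit + 1
    v.deposit("victim", victim_deposit)     # naive vault: rounds down to 0 shares
    victim_back = v.redeem("victim")
    attacker_back = v.redeem("attacker")
    return attacker_back - (victim_deposit + 1), victim_back


if __name__ == "__main__":
    for mode in (False, True):
        profit, victim_back = run_attack(mode)
        print(f"hardened={mode}: attacker profit {profit:+d}, victim recovers {victim_back}")
```

In the naive vault the victim's entire deposit goes to the attacker, because the share price was inflated to the point where the victim's deposit rounds down to zero shares. With the offset, the attacker's 1 wei buys a million virtual-priced shares and the donation is shared with those, so the attacker loses roughly half of what they donated while the victim loses only a rounding dust amount. The deeper point for auditors is that the fix is in the accounting invariant, not in any single function; it is exactly the kind of thing a point-in-time review certifies and a later "small" upgrade to the share maths silently breaks.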
The gaps in the armor
The harsh truth is that even major DeFi protocols and decentralised exchanges (DEXs) often skip comprehensive audits due to soaring costs, ranging from $50,000 for smaller projects to over $1 million for intricate audits.
And those that do invest heavily find the value fleeting, as audits effectively expire the moment a single upgrade gets pushed to production.
The consequences have been catastrophic: over US$3.4 billion lost to hacks and exploits in 2025, and security breaches remain rampant. In the first half of 2025, over US$3.1 billion was stolen from DeFi protocols, already surpassing the US$2.85 billion lost in all of 2024.
From the recent Hyperbridge hack, proof that you should not taunt hackers, to a long trail of audited projects crippled by unknown vulnerabilities that slipped past their defences, the pattern keeps repeating.
Note: Cross-chain bridge exploits alone led to more than US$1.5 billion in theft by mid-2025.
Note: 52% of DeFi protocols experienced at least one breach within their first operational year due to infrequent audits.
These figures emphasise that audits are not providing lasting protection.
Even worse, many protocols engage in "security theatre", commissioning AI-only code audits solely for the veneer of credibility. Investors and end users default to trusting that verified smart contracts behave as advertised, when in reality a one-off audit offers a false sense of security if it is not kept constantly updated.
Regulatory Momentum for Continuous Security
Regulators are taking notice. Europe's Markets in Crypto-Assets (MiCA) regime now applies across all twenty-seven EU member states. MiCA mandates prudential requirements and standardised cybersecurity audits for crypto-asset service providers.
The European Securities and Markets Authority goes further, recommending recurring independent audits focusing on wallet breaches, data leaks and DDoS risks. Japan's Financial Services Agency plans to require all registered exchanges to conduct mandatory cybersecurity self-assessments starting in 2026.
These measures indicate a regulatory pivot toward real-time oversight. Authorities recognise that periodic audits are obsolete and are pushing for continuous risk reporting, solvency proofs and automated compliance checks.
Towards Continuous Security and Automation
Even the most rigorous manual audit cannot anticipate every edge case or logic path. The tiniest arithmetic or logic error in a smart contract can unlock a backdoor exploitable by attackers, and static analysis alone cannot defend against evolving exploit vectors. The technology powering blockchains has progressed rapidly while security practice still borrows from antiquated paradigms. Artificial intelligence has become ubiquitous in security tooling, yet hype often outpaces reality: these models still require human guidance and validation. The future of blockchain security lies in automated, always-on monitoring that blends algorithmic detection with expert oversight.
Continuous monitoring offers several advantages:
- Dynamic risk scoring: Real-time analysis of on-chain and off-chain data (transaction patterns, contract updates, governance actions) can detect anomalies before they become exploits.
- Proactive defence: Machine-learning models can identify zero-day patterns by finding higher-order relationships among disparate data points. For example, algebraic topology techniques can flag suspicious clusters of activity that precede attacks.
- Compliance readiness: Regulators are exploring real-time solvency and risk-reporting models based on continuous cryptographic proofs. Automated systems can produce these proofs without manual intervention.
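As an added example of what "continuous monitoring" means in practice for the signals just listed (contract updates, governance actions, transaction patterns), here is a small Python monitor that is not code from this post's author or from any product named above. It binds an audit to the bytecode hash and governance assumptions it actually certified, then re-checks those against a stream of on-chain observations; the first thing it does when the code hash changes is mark the attestation stale, which is the "single upgrade invalidates the audit" point made earlier. The event schema, alert weights, thresholds, contract address and the sample events are all constructed for the example; a real deployment would be fed from an RPC node or indexer and tuned per protocol.

```python
"""Continuous monitor that re-checks an audit's assumptions against a stream of
on-chain observations. Added illustration for this post, not the code of any
product, protocol or regulator named above. The event schema, weights,
thresholds and sample events are constructed for the example."""

from dataclasses import dataclass, field


@dataclass
class AuditAttestation:
    """What an audit actually certifies: one contract, at one bytecode hash,
    under stated governance assumptions. Nothing more."""
    contract: str
    code_hash: str            # hash of the deployed implementation at audit time
    timelock_blocks: int      # governance delay the auditors assumed


@dataclass
class Monitor:
    attestation: AuditAttestation
    max_twap_deviation: float = 0.05   # spot/TWAP gap beyond which manipulation is suspected
    twap_window: int = 5
    prices: list = field(default_factory=list)
    audit_valid: bool = True
    score: int = 0
    alerts: list = field(default_factory=list)

    def _alert(self, weight: int, msg: str) -> None:
        self.score += weight
        self.alerts.append(msg)

    def observe(self, ev: dict) -> None:
        kind = ev["kind"]
        if kind == "code_hash":
            # A proxy upgrade or redeploy changes the bytecode hash: from this
            # block on, the audit describes code that is no longer running.
            if ev["value"] != self.attestation.code_hash and self.audit_valid:
                self.audit_valid = False
                self._alert(50, f"block {ev['block']}: code hash changed since audit, audit is stale")
        elif kind == "governance":
            # Proposal executed faster than the timelock the audit assumed.
            delay = ev["executed_block"] - ev["proposed_block"]
            if delay < self.attestation.timelock_blocks:
                self._alert(30, f"block {ev['executed_block']}: proposal {ev['id']} executed after "
                                f"{delay} blocks, timelock is {self.attestation.timelock_blocks}")
        elif kind == "price":
            # Spot price far from the rolling TWAP is the signature of an
            # in-block (flash-loan style) oracle manipulation.
            window = self.prices[-self.twap_window:]
            if len(window) >= self.twap_window:
                twap = sum(window) / len(window)
                deviation = abs(ev["value"] - twap) / twap
                if deviation > self.max_twap_deviation:
                    self._alert(20, f"block {ev['block']}: spot {ev['value']} deviates "
                                    f"{deviation:.0%} from TWAP {twap:.2f}")
            self.prices.append(ev["value"])

    def run(self, events) -> tuple[int, list, bool]:
        for ev in events:
            self.observe(ev)
        return self.score, self.alerts, self.audit_valid


# Constructed sample: the attestation and the event stream are made up.
AUDITED = AuditAttestation(contract="0xVault", code_hash="0xaaaa", timelock_blocks=100)

SAMPLE_EVENTS = [
    {"kind": "code_hash", "block": 100, "value": "0xaaaa"},   # still the audited code
    {"kind": "price", "block": 101, "value": 100.0},
    {"kind": "price", "block": 102, "value": 101.0},
    {"kind": "price", "block": 103, "value": 99.0},
    {"kind": "price", "block": 104, "value": 100.0},
    {"kind": "price", "block": 105, "value": 100.0},
    {"kind": "price", "block": 106, "value": 140.0},          # 40% spot spike
    {"kind": "governance", "id": 7, "proposed_block": 110, "executed_block": 112},
    {"kind": "code_hash", "block": 120, "value": "0xbbbb"},   # upgrade: audit no longer applies
]


def run_sample(events=SAMPLE_EVENTS) -> tuple[int, list, bool]:
    return Monitor(AUDITED).run(events)


if __name__ == "__main__":
    score, alerts, valid = run_sample()
    print(f"risk score {score}, audit still valid: {valid}")
    for a in alerts:
        print(" -", a)
```

The weights are placeholders; what matters is the shape: the audit is stored as a falsifiable claim (this hash, these governance parameters) rather than a PDF, and every block is an opportunity to falsify it. Integrations and insurers can then consume the score and the "audit still valid" flag directly instead of trusting a report whose date they never check.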
For all the hype, AI still has a long way to go before it competes with a human-led review, both in its ability to look past the code and in producing a trusted, repeatable security report.
What blockchain urgently needs is automated, comprehensive and always-on security monitoring, not just periodic spot checks.
DeFi insurance protocols require continuous risk quantification across all integrated systems. Retail traders deserve real-time insights to evaluate protocol safety instead of blindly trusting a handful of audits. And blockchain projects themselves must be able to demonstrate immutable security proofs to earn the trust of investors and regulators.
How will this crisis unfold?
Two years after this article was first drafted, the blockchain industry still faces a profound security crisis. Losses from hacks continue to climb: 2025 alone saw over US$3.4 billion stolen, with a handful of outsized incidents accounting for most of the damage.
Traditional audits and AI‑only code reviews offer a false sense of security in a system where composability and constant change are the norm.
The solution seems clear: dynamically evolving security practices.
Did I miss anything? Anything to add?