DeFi Hack Losses Fall as AI Pushes Crypto Security Into a New, More Advanced Era


Over the past two years, the decentralized finance ecosystem has shown quantifiable improvement in its resilience against direct smart contract attacks. Data from firms such as Immunefi and SlowMist indicates that losses from DeFi‑specific exploits fell from a peak of $2.62 billion in 2022 to approximately $680 million in 2025, a 74% reduction.

The median loss per incident dropped from $6 million to $1.5 million over the same period. Risk categories that dominated the landscape in previous years — such as cross‑chain bridge attacks and flash loan manipulations — have gone from accounting for 73% and 54% of losses, respectively, to residual values of 3% and less than 1%.

This improvement is partly attributable to the growing adoption of AI‑based tools for code auditing and vulnerability detection. Frameworks such as SimSecLLM, LLM‑SmartAudit, and SmartProof have demonstrated the ability to scale static and dynamic analysis of smart contracts, reducing exposure windows. However, claiming that AI is driving a “new, more advanced, and safer era” for crypto would be, at best, an incomplete — and potentially dangerous — reading of the current moment.

The opinion I hold, based on aggregated evidence from the last year and a half, is as follows: the sector is winning the technical battle over code, but losing ground on the operational and human front. And AI, far from being a one‑sided solution, acts as a symmetric accelerator of capabilities for both defenders and attackers.

Total crypto hacking losses contradict the narrative of a broad improvement. According to SlowMist’s 2025 annual report, the total value stolen from crypto hacks increased by 46% compared to 2024, reaching $2.935 billion. This increase occurred in parallel with a 37% year‑over‑year decline in losses specifically attributable to DeFi.

The explanation for this apparent paradox lies in the origin of the incidents: the majority of 2025 losses did not stem from smart contract flaws, but from Web2‑style operational errors — password leaks, social engineering attacks, private key compromises in poorly managed environments, and vulnerabilities in centralized exchange infrastructures.

The most representative case of this trend is the 2025 Bybit attack, with a loss of $1.5 billion. The incident's magnitude means it cannot be ignored, but because it does not correspond to a DeFi protocol, it falls outside the most frequently cited sectoral statistics. This measurement bias is problematic. When the sector celebrates a reduction in DeFi losses, it omits the fact that the attack vector has shifted toward more fragile components of the custody chain: human operators, front‑ends, and misconfigured wallets.

Artificial intelligence is exacerbating this asymmetry

An analysis of policy violations involving generative models found that 67% of cases involved malware preparation or vulnerability reconnaissance on DeFi protocols. Researchers at Binance Research have documented that, in controlled environments, AI is twice as effective at exploitation as it is at detection. Furthermore, approximately 60% of all inflows to scammer wallets in 2025 originated from AI‑powered schemes, including deepfakes used in social engineering and the automated generation of malicious contracts that appear legitimate.

Facing this scenario, a purely technical posture is insufficient. DeFi protocol security teams have internalized the lessons of 2022: formal audits, bug bounty programs, and AI‑driven attack simulations are now standard. But the next level of risk is not in a contract’s bytecode — it is in the interface the user signs, the server hosting the front‑end, or the private key stored in a text file on a corporate desktop.

The challenge for the sector in 2026 and beyond is not solely technical but structural. Losses in the first half of 2026 already exceed $800 million in DeFi, suggesting that the downward trend is not monolithic and that attackers are adapting faster than many teams update their defenses. AI, in this context, must be understood as a risk management tool, not as a substitute for operational discipline. 

Protocols that prioritize auditing automation without reinforcing the security of their off‑chain environments will remain exposed to attack vectors that no LLM can mitigate on its own.

The assertion that DeFi hack losses have fallen is factually correct. The assertion that AI is leading to a new era of advanced security is conceptually true only if three nuances are added: first, that the improvement is concentrated in one segment of the ecosystem (code, not operations); second, that AI empowers both attacker and defender, with the current advantage leaning toward the attacker in terms of exploitation effectiveness; and third, that the relevant metric for the end user is not aggregate DeFi loss, but total crypto hacking losses — which continue to rise. 

The sector would do well to celebrate with caution and act with urgency on what is actually failing: the human layer.
