Report: Unverified smart contracts become a new target for attackers, with $36.7 million stolen in six months.

Source: PANews2026/06/10 09:04

If you have any feedback or questions about this content, please contact us at crypto.news@kcex.com

PANews reported on June 10th that, according to a Chainalysis report, at least $36.7 million has been stolen in the past six months from protocols whose source code has not been publicly verified, including Truebit, Trusted Volumes, Aperture Finance, and Ekubo. Attackers search for vulnerabilities by decompiling the raw bytecode. AI-assisted exploit development is accelerating this trend, with large language models enabling scalable identification of vulnerability patterns.

Chainalysis points out that unverified contracts lack community scrutiny and are often excluded from bug bounty programs. The barrier to entry for AI decompilation and vulnerability analysis is rapidly decreasing, allowing attackers to systematically scan thousands of unverified contracts. Protocols should verify all contract code, audit actually deployed contracts, expand bug bounty coverage, and implement real-time on-chain monitoring. Every unverified contract is a potential target for automated scanning, and obfuscation alone is no longer an effective security measure.

Disclaimer: The articles reposted on this website are sourced from public platforms and are for reference only. These articles do not represent the views or opinions of KCEX. All copyrights belong to the original authors. If you believe that any reposted article infringes upon the rights of a third party, please contact crypto.news@kcex.com for removal. KCEX makes no representations or warranties regarding the timeliness, accuracy, or completeness of reposted articles, and shall not be liable for any actions or decisions made based on such content. Reposted materials are for informational purposes only and do not constitute advice, endorsement, or basis for any commercial, financial, legal, and/or tax decisions.