The vulnerability of decentralized finance (DeFi) protocols to artificial intelligence (AI)-driven attacks has become a heated topic in the crypto world, sparking debate across social media.
The vulnerability of decentralized finance (DeFi) protocols to artificial intelligence (AI)-driven attacks has become a heated topic in the crypto world, sparking debate across social media. Manuel Araoz, founder of Open Zeppelin, has warned in recent statements that AI is making the DeFi space riskier than ever before.
Citing leading DeFi platforms such as Aave, Sky Protocol, and Compound, Araoz emphasized that significant security gaps can exist even in well-established protocols. He stressed that AI-powered software can scan and find vulnerabilities much faster than conventional methods, creating an uneven playing field between offense and defense.
Describing the situation, it was noted that AI-based agents are far more skilled than humans at detecting weaknesses in software, and while defenders must fix every bug, attackers only need to find one to steal funds.
While some investors believe these projects are relatively secure due to rigorous audits, recent warnings are encouraging users to avoid “permissionless transactions” and adopt time lock mechanisms as added precautions.
The scale of DeFi attacks in April reached historic highs. According to Dune Analytics, protocols lost around $285 million in attacks reportedly linked to North Korean actors. Losses from unidentified parties escalated to $437.4 million. Most incidents during 2026 stemmed from vulnerabilities in bridges and from social engineering attacks.
Mini glossary: Social engineering refers to attack techniques that exploit human psychology to obtain sensitive information or gain access. In crypto, phishing is frequently used to steal private keys.
Such vulnerabilities are common in smaller or newly-launched protocols, but even so-called “blue chip” projects can face threats, especially when some modules retain centralized features.
PeriodTotal Loss (USD)Main CauseApril 2026~722.4 millionBridge vulnerabilities, social engineeringMay 2026~44 millionSmall protocols, flash loan exploitAfter the April surge, May brought a slowdown in both the number of attacks and the size of losses. Fourteen incidents were reported, with the ThorChain protocol bearing the largest impact. Attackers mainly targeted smaller-scale projects, though leading lending protocols continued to face warnings over flash loan and bridge-related risks.
Following these attacks, total value locked (TVL) in DeFi protocols saw a significant drop. By May 2024, TVL had fallen to about $81 billion from over $98 billion in April. Aave’s funds remain around the $14 billion level, yet it has not fully recovered from last month’s outflows.
The founder of security firm Slow Mist highlighted that recent exploits were due partly to code-based flaws and partly to social engineering. He advised DeFi teams to leverage AI for their defenses and to simulate cyberattacks at least once a year as a precautionary measure.
Yet some industry analysts argue that AI alone may not be as effective as assumed at finding vulnerabilities in smart contracts. Most attacks still trace back to human error or design choices with centralized characteristics.
Even as AI-driven automated attack tools are thought to increase risks, experts consistently remind the public that the root cause of most vulnerabilities remains human factors and centralization.
The post AI-driven DeFi attacks caused $722 million losses in April appeared first on COINTURK NEWS.
