What did Chainalysis discover about recent DeFi hacks?

Chainalysis found that at least US$36.7 million was stolen across four DeFi exploits involving unverified smart contracts during the past six months. The report suggests attackers are increasingly targeting contracts whose source code is not publicly available.

What are unverified smart contracts?

Unverified smart contracts are blockchain contracts whose source code has not been publicly published on blockchain explorers. This makes it harder for security researchers, auditors and bug bounty participants to review the code for vulnerabilities.

Why are hackers targeting unverified DeFi contracts?

According to Chainalysis, unverified contracts often receive less public scrutiny and may not be covered by bug bounty programmes. Attackers can therefore find vulnerabilities that remain undiscovered by defenders for extended periods.

Which DeFi protocol suffered the largest exploit?

Truebit experienced the largest incident, losing approximately US$26.2 million. Chainalysis said the attacker exploited an integer overflow vulnerability in a contract that had remained unverified on Ethereum since 2021.

Which other projects were affected by unverified contract exploits?

The report identified Trusted Volumes, Aperture Finance and Ekubo as additional victims. In each case, the exploited contract's source code was not publicly available for independent review.

How is artificial intelligence changing crypto security risks?

Chainalysis said AI-powered tools are making it easier to reverse-engineer smart contracts and identify weaknesses. Tasks that previously required experienced security researchers can now be partially automated, allowing attackers to analyse more contracts at scale.

Does keeping smart contract code private improve security?

Chainalysis argues that relying on hidden code as a security measure is becoming less effective. The report challenges the assumption that obscurity alone provides protection, particularly as AI and decompilation tools improve.

How much crypto was stolen through exploits in April 2026?

According to DeFiLlama, hackers stole approximately US$629.7 million in April 2026. That was the largest monthly total since February 2025 and highlights ongoing security challenges across the crypto industry.

Image for illustrative purposes only. Not a real photo.

Chainalysis flags $36.7M tied to hidden DeFi code

Written by Isaac FrancisPublished Jun 10, 2026, 1:02 AM

At least US$36.7 million was lost across four decentralised finance exploits in the past six months as attackers increasingly targeted unverified smart contracts whose source code was not publicly available, according to a new Chainalysis report.

The largest attack involved Truebit, which lost US$26.2 million after a hacker exploited an integer overflow vulnerability in a contract that had remained unverified on Ethereum since 2021.

“Protocols relying on hidden code are increasingly depending on obscurity as a security measure,”

Chainalysis said in its report.

The other incidents involved Trusted Volumes, Aperture Finance and Ekubo, with Chainalysis noting that each exploited contract lacked publicly accessible source code and therefore received less scrutiny from researchers and bug bounty programmes.

According to the blockchain analytics firm, advances in artificial intelligence and smart contract decompilation tools are reducing the effectiveness of keeping code private by allowing attackers to reverse-engineer contracts and identify vulnerabilities more efficiently.

Chainalysis said tasks that previously required skilled reverse engineers working for days on a single contract can now be partially automated across large numbers of unverified contracts, expanding the attack surface for hackers.

The findings come amid a broader increase in crypto security incidents, with DeFiLlama reporting US$629.7 million stolen through crypto exploits in April alone, while Chainalysis recommended source code verification, expanded bug bounty coverage and real-time monitoring tools as key defences against future attacks.

At the time of reporting, Ethereum price was $1,644.54.

Chainalysis flags $36.7M tied to hidden DeFi code

Frequently asked questions

Assets related to this article