Q2 2026 just set a record: 83 separate crypto hacks, the most ever in a single quarter. over $750 million stolen. april alone was $606 million across just 12 incidents. and we’re barely halfway through the year.
but the scary part isn’t the numbers. it’s how the attacks are happening.
multiple security firms (TRM Labs, CertiK, Chainalysis) are now saying the same thing: attackers, especially North Korean groups, are using AI to find and exploit vulnerabilities faster than protocols can patch them.
here’s what that actually looks like in practice:
AI-powered vulnerability scanning. attackers are running AI agents that scan smart contracts continuously for exploitable bugs. a protocol’s security team might audit their code once or twice. an attacker’s AI agent runs 24/7 for weeks, spending $10-20k in compute to find a single crack. the economics are wildly asymmetric: a defender’s audit has a budget and a deadline. an attacker’s scan has neither.
deepfake social engineering. the Zerion hack in april used AI-generated social engineering in a long-term campaign to steal from hot wallets. there are now tools being sold that use voice manipulation and deepfakes specifically to bypass KYC checks on exchanges. this isn’t theoretical. it’s a service you can subscribe to.
automated exploit development. tasks that used to take skilled researchers months, like reverse-engineering contract logic and chaining exploits, can now be done in hours with AI assistance. the barrier to entry for crypto hacking has dropped dramatically.
target selection. AI is being used to identify the highest-value targets by scanning TVL, contract complexity, and security posture across hundreds of protocols simultaneously. attackers are picking their targets more intelligently, not just opportunistically.
the result: more frequent attacks, more sophisticated execution, and a structural advantage for attackers over defenders. one security researcher put it bluntly: “before AI, the number of elite hackers was limited. now almost anyone could operate like an elite hacker for a subscription fee.”
the uncomfortable question this raises for defi: most protocols are still running the same security playbook from 2022. periodic audits, bug bounties, maybe a monitoring dashboard. that worked when attackers were humans with limited time. it doesn’t work when the attacker is an AI agent that never sleeps and costs almost nothing to run.
what actually needs to change? is it just “more audits and bigger bug bounties” or does the entire security model for on-chain protocols need to be rethought from the ground up?
submitted by /u/ginete_tech [link] [comments]r/CryptoCurrencyRead More
You might also be interested in reading Here are the major earnings before the open Tuesday.