· On April 1st, April Fools' Day, Drift Protocol was hacked due to a management key compromise and a multisig execution vulnerability, resulting in a theft of $280 million (see "April Fools' Joke? Drift Protocol Hacked for Over $280 Million, Potentially Second-Largest DeFi Hack in Solana Ecosystem").
· Subsequently, on April 19th, Kelp DAO was exploited through a bridging protocol, leading to a $292 million loss (see "DeFi Hacked Again for $292 Million, Is Aave Safe This Time?"). The hacker then used avenues like Aave to escape, plunging the entire DeFi space into defaults and their cascading impacts.
As we entered May, the incidents not only didn't decrease but further escalated.
· On May 15th, THORChain suffered an attack where a new joining node operator exploited a vulnerability in the GG20 threshold signature scheme (TSS), reconstructed the vault private key, and directly conducted outbound transactions, resulting in a loss of over $10 million.
· On May 18th, Verus' bridging protocol was attacked, with the attacker forging a cross-chain import payload to bypass validation and extract assets from the Ethereum reserves, making off with around $11.58 million.
· On May 19th, Echo Protocol on Monad was attacked due to a private key leak, with the attacker minting 1000 eBTC (worth $76.7 million) and utilizing a pre-tested attack vector via Curvance to drain funds.
· On May 24th, StablR, the compliant stablecoin issuer under the MiCA regulatory framework, was attacked, with the hacker profiting over $2.8 million through minting EURR and USDR, causing EURR and USDR to lose their peg.
· On May 25th, the SquidRouter module was attacked, resulting in the theft of around $3 million from 86 Gnosis Safe wallets.
· On May 27th, the deployment key for StakeDAO on Arbitrum was compromised, leading to the minting of approximately 5.45 trillion vsdCRV tokens, some of which were exchanged for 43.7 ETH as the attacker fled.
The alarmingly frequent security incidents have raised concerns, indicating that from on-chain code to off-chain governance, DeFi seems to be under comprehensive attack.
AI Has Become the Hacker's Nuclear Option
Why did DeFi security collapse so rapidly this summer? In addition to the evolution of traditional hacking techniques, the rapid advancement of AI capabilities is becoming the ultimate game-changer that tips the scales.
In the past, finding a complex smart contract vulnerability (especially those involving cross-chain functionality, multiple layers of nesting, or extremely subtle reentrancy logic) required top hackers to spend weeks or even months analyzing the code. However, with the maturity of AI agents possessing extensive contextual knowledge, strong logical reasoning, and autonomous tool-invocation capabilities, everything has changed drastically.
· Real-Time Scanning and Network-Wide "Zero-Day Vulnerability" Discovery: Attackers can now feed open-source code repositories to next-generation AI inference models, which, within seconds, can explore hundreds of extreme interaction scenarios like seasoned security professionals, accurately identifying edge conditions overlooked by human auditors in moments of fatigue.
· Automated Attack Script Generation: AI not only discovers vulnerabilities but can also automatically write, test, and deploy "hacker smart contracts" designed to drain funds.
· Off-Chain DevOps and Social Engineering Orchestration: AI can impersonate a perfect developer for phishing attacks or continuously monitor a DeFi team's GitHub commit history. If the team uploads code with sensitive information or unverified fixes, AI can launch an attack within seconds—far faster than a human security responder's reaction time.
In this AI-empowered arms race of security warfare, hackers wielding AI have almost unlimited ammunition and millisecond attack speeds, while DeFi is constrained by slow governance voting, multi-signature confirmations, and delayed security audits, making it challenging to mount a corresponding defense.
Last month, Anthropic, the AI development company behind Claude, officially announced a new generation model called Mythos.
This is the first model in human history to break the trillion-parameter mark (in contrast, mainstream models in the market currently range from hundreds of billion to one trillion parameters), with a staggering training cost of $10 billion.
However, due to Mythos' specialized capabilities in network security (Anthropic disclosed that the model identified thousands of zero-day vulnerabilities within a few weeks of use), Anthropic is hesitant to directly release the model to the public to prevent malicious exploitation by hacker groups. Instead, the company plans to first have top firms test it through a "Glasswing" program to identify and patch potential vulnerabilities in advance.
The current DeFi security situation remains extremely severe, and it is hard to imagine what new threats the industry's security defense will face after the public release of Mythos.
Main Issue: Risk-Reward Ratio Has Long Been Imbalanced
For ordinary DeFi participants, liquidity providers (LPs), and whales, the most important issue now is to sit down and do the math.
For a long time, users chose to deposit funds into DeFi in pursuit of annual percentage yields several times higher than traditional finance. During a bull market or the frenzy of liquidity mining, a 10%, 20%, or even higher return was enough to cover people's psychological expectations of "potential technical risk."
However, today, this underlying logic has been shaken if not overturned; the risk-reward ratio of DeFi is already imbalanced.
On the return side, as the market enters a zero-sum game, with a thicker safety cushion, the real yields of most mainstream, relatively reliable DeFi protocols have fallen to the single-digit range; on the risk side, users' principal is exposed to a black box that could be breached by AI at any time, or emptied in an instant by a flash loan. Once a protocol is hacked, token values can drop to zero and liquidity pools can be drained within minutes, with no legal, insurance, or central bank coverage.
Risking a 100% loss of principal to pursue an annual return of around 5% is clearly not a worthwhile deal.
Manuel's words may seem absolute, but they tear away DeFi's final fig leaf. With hackers now using AI as a standard weapon and continuous security incidents in the industry, if you are not psychologically prepared to lose 100% of your principal for a certain return, then "withdraw and secure your funds as soon as possible" may be the most rational and risk-controlled choice in the current market cycle.
Welcome to join the official BlockBeats community:
Telegram Subscription Group: https://t.me/theblockbeats
Telegram Discussion Group: https://t.me/BlockBeats_App
Official Twitter Account: https://twitter.com/BlockBeatsAsia
