Chainalysis reports that attackers have stolen at least $36.7 million from unverified smart contracts over the past six months, attributing the surge to AI-assisted exploit development. Large language models (LLMs) can now analyze decompiled bytecode at a speed and scale beyond human capabilities, turning closed-source contracts into systematic targets. Decompilers like Dedaub, Heimdall, and Panoramix convert bytecode into readable Solidity, which is then fed into LLMs to flag vulnerabilities such as reentrancy bugs and access control gaps. This automation enables attackers to scan thousands of unverified contracts, triaging by exploitability and potential yield. The largest incident was a $26.2 million exploit of Truebit on January 8, exploiting an integer overflow in a contract unverified since 2021. The same attacker had previously drained Sparkle for 5 ETH. Anthropic research also shows AI can autonomously exploit contracts, even those deployed after the model's knowledge cutoff. Chainalysis urges protocols to verify all code, extend bug bounty scope, and adopt real-time monitoring.

Key facts

• Attackers stole $36.7M from unverified contracts in 6 months.
• AI LLMs analyze decompiled bytecode at scale, targeting closed-source contracts.
• Truebit lost $26.2M to an integer overflow in an unverified contract from 2021.
• Same attacker drained Sparkle for 5 ETH 12 days before Truebit exploit.
• Chainalysis warns AI-assisted exploitation will accelerate.

KeyAudit data perspective