Unverified Smart Contracts Pose Growing Risk in DeFi
A recent report by Chainalysis has highlighted a growing threat in the decentralized finance (DeFi) space: unverified smart contracts. These contracts, which have never been publicly verified, are being increasingly targeted by attackers who use AI-powered tools to reverse-engineer deployed bytecode and uncover hidden vulnerabilities.
The report notes that four major incidents involving protocol-owned contracts that were unverified on blockchain explorers at the time of exploitation resulted in losses totaling $36.7 million. The largest attack targeted the Ethereum-based protocol Truebit, which lost approximately $26.2 million in January.
Chainalysis attributes this trend to the growing accessibility of decompiled bytecode and AI-powered tools that enable faster contract analysis. These tools can convert Ethereum bytecode into readable Solidity-like code, allowing attackers to identify common vulnerabilities such as reentrancy flaws, arithmetic errors, and access-control weaknesses.
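The point that unverified does not mean hidden can be seen with a few lines of Python. The following is an added example, not code from the Chainalysis report: a minimal disassembler that lists the external function selectors readable from deployed bytecode, which is why a protocol should review unverified contracts as if the source were public. The sample bytecode is constructed for illustration, and the `PUSH4 / EQ / PUSHn / JUMPI` dispatcher layout it matches is an assumption about common compiler output.

```python
# Only the opcodes needed to read a function dispatcher are named here.
OPCODES = {0x00: "STOP", 0x14: "EQ", 0x1c: "SHR", 0x35: "CALLDATALOAD",
           0x56: "JUMP", 0x57: "JUMPI", 0x5b: "JUMPDEST", 0x5f: "PUSH0",
           0x80: "DUP1", 0xfd: "REVERT"}


def disassemble(code: bytes):
    """Return [(offset, mnemonic, immediate_bytes)], skipping over PUSHn data."""
    out, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7f:              # PUSH1..PUSH32 carry 1..32 data bytes
            n = op - 0x5f
            imm = code[pc + 1:pc + 1 + n]   # may be short if the code is truncated
            out.append((pc, f"PUSH{n}", imm))
            pc += 1 + n
        else:
            out.append((pc, OPCODES.get(op, f"UNKNOWN_{op:02x}"), b""))
            pc += 1
    return out


def exposed_selectors(code: bytes):
    """Map each selector compared in the dispatcher to its jump target offset."""
    ins = disassemble(code)
    found = {}
    for i in range(len(ins) - 3):
        push4, eq, dest, jumpi = ins[i:i + 4]
        if (push4[1] == "PUSH4" and len(push4[2]) == 4 and eq[1] == "EQ"
                and dest[1].startswith("PUSH") and jumpi[1] == "JUMPI"):
            found["0x" + push4[2].hex()] = int.from_bytes(dest[2], "big")
    return found


# Constructed sample: load the 4-byte selector from calldata, then two comparisons.
SAMPLE = bytes.fromhex(
    "60003560e01c"              # PUSH1 0, CALLDATALOAD, PUSH1 0xe0, SHR
    "8063a9059cbb1461002057"    # DUP1, PUSH4 a9059cbb, EQ, PUSH2 0x0020, JUMPI
    "806370a082311461003057"    # DUP1, PUSH4 70a08231, EQ, PUSH2 0x0030, JUMPI
    "00"                        # STOP
)

if __name__ == "__main__":
    for selector, target in exposed_selectors(SAMPLE).items():
        print(f"{selector} -> code offset {target:#06x}")
```

The two selectors recovered from the sample are the standard ERC-20 `transfer(address,uint256)` and `balanceOf(address)` identifiers, recognisable without any published source.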




