DeFi Exploits Reveal Vulnerabilities in Unverified Smart Contracts
Unverified smart contracts have been a growing concern in the DeFi space, with recent exploits resulting in significant losses for affected protocols. A report by Chainalysis has shed light on this issue, revealing that unverified contracts were linked to at least $36.7 million in losses across four DeFi exploits over the past six months.
The largest incident involved Truebit, which lost $26.2 million after an attacker exploited an integer overflow vulnerability in a contract that had remained unverified on Ethereum since 2021. The other incidents involved Trusted Volumes, Aperture Finance and Ekubo.
Chainalysis attributes the trend to advances in decompilation tools and artificial intelligence, which have made it easier for attackers to reverse-engineer smart contract bytecode and identify vulnerabilities even when source code is not publicly available.