Could AI agents expose DeFi’s next wave of hidden exploits?

Crypto social media has raised the issue of DeFi vulnerabilities to AI agents. The chief concern is that AI agents are much better at discovering exploit loops, thus putting even solid and large DeFi protocols in danger.

According to Manuel Araoz, all of DeFi is more vulnerable to exploits, mostly due to the use of AI analysis. Araoz, who is the founder of Open Zeppelin, warned that AI is a constant threat to decentralized projects.

He has warned against using even the most established DeFi protocols like Aave, Sky Protocol, and Compound. For now, some investors consider those protocols reasonably safe, but there are still warnings on setting up timelocks and avoiding permissionless operations.

The warning arrives after crypto hacks reached record levels in April, and started to undermine trust in smaller DeFi protocols. However, blue-chip projects still host multiple vaults with their own risk levels.

DeFi lost around $285M in attacks attributed to DPRK hackers, and another $437.4M from unidentified threat actors, according to Dune Analytics data. Most of the hacks in 2026 were linked to a bridge verification flaw, followed by social engineering.

Is AI creating a wave of hacks?

The warning that AI may exploit DeFi protocols is spreading on crypto social media. The chief fear is that multiple projects may still run vulnerable smart contracts, despite years of audits.

However, according to other analysts, AI may not be that powerful in exploiting flawed contract logic. Instead, exploits always depend on a human element, such as errors in signing transactions or access to exposed private keys.

The recent exploits also showed some DeFi protocols had a centralized element that allowed threat actors to take control.

The founder of Slow Mist warned the recent attacks were a mix of logic hacking and social engineering. He called to DeFi teams to use AI themselves and simulate attacks and exploits, calling for at least one attack drill each quarter.

DeFi hacks slowed down again in May

After almost daily attacks in April, hacks slowed down in May, returning to a low baseline. In May to date, only around $44M were taken in various hacks, as only smaller protocols were attacked.

In May, around 14 attacks were reported, of which the most serious one affected ThorChain. For now, lending protocols are still functioning, though open to the same exploits with flash loans and potential bridging risks.

DeFi suffered a hit from April’s exploits, in combination with weakening ETH prices. As a result, DeFi protocols now hold around $81B, down from over $98B in April. The current TVL levels only reflect nominal prices, and in fact more assets are locked in DeFi as a source of passive income.

Aave, the leading protocol, still holds around $14B, not yet recovered from the withdrawals in April. As Cryptopolitan reported, the KepDAO exploit was also a major blow to trust in DeFi.

Don’t just read crypto news. Understand it. Subscribe to our newsletter. It's free.