Report: Unverified smart contracts become a new target for attackers, with $36.7 million stolen in six months.

CoinFeed reported on June 10th that, according to a Chainalysis report, at least $36.7 million has been stolen from protocols with unverified source code in the past six months, including Truebit, Trusted Volumes, Aperture Finance, and Ekubo. Attackers search for vulnerabilities by decompiling raw bytecode. AI-assisted exploit development is accelerating this trend, with large language models enabling scalable identification of vulnerability patterns. Chainalysis points out that unverified contracts lack community review and are often excluded from bug bounty programs. The barrier to entry for AI decompilation and vulnerability analysis is rapidly decreasing, allowing attackers to systematically scan thousands of unverified contracts. Protocols should verify all contract code, audit actually deployed contracts, expand bug bounty coverage, and implement real-time on-chain monitoring.