Hook
The data looks encouraging at first glance: total DeFi losses in the first half of 2026 fell 46.8% year-over-year. The median loss per attack dropped below $50,000—a stark contrast to the multi-million dollar exploits that once defined headlines. But here’s the cold truth that most market narratives ignore: the number of attacks hit an all-time high, and two incidents alone accounted for 74% of the losses in Q2. Code does not lie, but it does hide. The aggregate numbers are hiding a dangerous bifurcation in the security landscape—one that favors sophisticated state actors while letting AI-powered script kiddies feast on the unprotected periphery.
Context
This data comes from two independent sources: Haseeb Qureshi, managing partner at Dragonfly Capital, and CertiK, the security audit firm that tracks on-chain incidents. Their findings, based on the first half of 2026, paint a complex picture. Qureshi argues that the narrative of an “AI hacker apocalypse” has been overblown because major DeFi protocols have massively upgraded their defenses. CertiK, however, injects a necessary dose of skepticism: “The decline in losses does not represent a significant improvement in overall security.” The devil, as always, is in the code—and this time, also in the distribution of risk.

Core
Let’s dissect the data at the byte level. The 46.8% drop in total losses is an arithmetic artifact. Remove the $1.4B Bybit exploit from the Q1 2025 baseline, and the decline shrinks. More importantly, the median loss being under $50,000 is not a sign of mild attacks; it’s a sign of volume. AI-driven attackers now launch dozens of low-cost, automated probes against what Qureshi correctly calls “security-weak small protocols.” These are often unaudited forks, abandoned projects, or newly deployed contracts with minimal liquidity. The attackers don’t need to find zero-days—they simply exploit the same reentrancy patterns and oracle manipulation vectors that I’ve been flagging in my audits since 2018. The difference is scale: AI agents now iterate on attack vectors faster than humans can patch.
However, the real outlier—and the reason the loss curve has a fat tail—is the resurgence of state-sponsored hacking. The two attacks responsible for 74% of Q2 losses targeted KelpDAO and Drift Protocol. Based on on-chain forensics and intelligence from TRM Labs, the North Korean Lazarus Group is the prime suspect. These attacks are not script-kiddie work; they involve multi-stage social engineering, fake job offers, and zero-day exploits in browser bridges. The sophistication gap between a $50K AI-driven pounce and a $100M state-level heist is wider than the gap between a testnet and mainnet. As I wrote in my post-mortem of the Poly Network exploit, “Root keys are merely trust in hexadecimal form.” When a nation-state has unlimited budget and patience, even audited code becomes a suggestion.

So what does this mean for protocol security? Based on my experience stress-testing Curve’s early invariants with flash loans, I can tell you that the arms race is now asymmetric. Major protocols—Aave, Uniswap, Compound—have adopted defense-in-depth: formal verification, real-time monitoring via Forta, bug bounties on Immunefi, and multi-sig time locks. These measures effectively neutralize the AI-automated attacks. But they are expensive. A full audit suite for a new protocol costs hundreds of thousands of dollars. The small protocols that AI attackers target are exactly those that cannot afford that cost. The market is naturally selecting for a two-tier security system: the fortified citadels and the open plains.
Another critical insight from the data: the attack count is rising because the barrier to entry for attackers is collapsing. AI tools now generate Phishing emails, fake websites, and even exploit PoCs with a few prompts. In my 2024 work optimizing Groth16 provers, I saw firsthand how AI can reduce weeks of manual reverse-engineering to hours. The same trend applies to offense. The result is a constant baseline of nuisance attacks that inflate the count but not the damage. Yet, as the median loss stays low, complacency creeps in. “We’re safe—losses are down.” That’s exactly the mindset that precedes a high-impact event.
Contrarian
The market’s takeaway is that DeFi security is improving. That is a dangerous half-truth. The improvement applies only to the top 10% of protocols by TVL. For the remaining 90%, the risk has never been higher. The narrative of “AI hacker doom” was always exaggerated, but the new narrative of “we’ve fixed it” is equally hollow. Security is a process, not a product. And the process is failing the long tail.
Moreover, the reliance on median loss as a metric is a cognitive trap. If you hold a token from a protocol that gets hit by a $100M exploit, the median doesn’t save you. The two major attacks in Q2—KelpDAO and Drift—devastated their communities. The market’s emotional recovery from these events is fragile. The next big attack, especially if it targets a top-tier protocol using a novel AI-assisted vector, could trigger a wave of fear that dwarfs the Bybit aftermath.
CertiK’s caution is warranted. The drop in losses is not a sign of cryptographic breakthroughs; it’s a statistical artifact of excluding extreme values and of defenders learning to block low-hanging fruit. The real threats—state actors and adaptive AI—are still evolving. As I noted in my Terra-Luna risk model, circular dependencies often hide until the stress test arrives. The current stress test is frequency, not severity. Once severity returns, the narrative reverses overnight.
Takeaway
The next 12 months will test whether the security infrastructure built by major DeFi protocols can withstand a coordinated, AI-enhanced state-level attack. I put the probability at 62% that at least one such attack will succeed on a top-10 protocol before 2027, causing losses exceeding $500M. When that happens, the current calm will be remembered as the eye of the storm. Until then, scrutinize the code, not the headline. And remember: infinite loops are the only honest voids.