
$786 million stolen this year—DeFi’s security crisis shouldn’t be blamed on AI
Traditional finance veteran lashes out at DeFi: “Don’t use AI as an excuse—you’re simply doing a terrible job.”
Author: DLNews
Translation & Editing: TechFlow
TechFlow Intro: Cryptocurrency hacks have surged explosively this year—but the real threat isn’t code vulnerabilities; it’s people. From Bybit’s $1.5 billion breach to Drift’s $300 million loss, hackers have manipulated developers through social engineering—yet the industry is deflecting attention with “AI threat” narratives to mask its own failures in security practices. For investors and practitioners alike, this means even the most rigorous technical audits cannot guard against human weakness; project selection must prioritize team security awareness and process management.
Michael Pearl feels he’s being phished.
Michael Pearl, Strategic Vice President at cybersecurity firm Cyvers, told DL News that suspicious individuals approach him at cryptocurrency conferences, pitching implausible “too-good-to-be-true” stories.
“I’ve encountered this several times and suspected I was under a social engineering attack,” he said.
“Someone approaches you with an unbelievable story—saying they want to invest in your company or buy your product—and then sends you a highly suspicious link.”
Social engineering is a tactic cybercriminals use to trick victims into clicking malware-laden links. It’s a form of psychological manipulation designed to lower people’s guard. It often serves as the first step in digital attacks targeting crypto projects, and it can originate from anywhere.
For example, the notorious North Korean hacking group Lazarus Group has a documented history of using fake job postings on LinkedIn to lure victims.
The February 2025 $1.5 billion Bybit hack, the January theft of $282 million from a cryptocurrency holder, and this month’s Drift Protocol attack all began with social engineering.
And the situation is worsening. In October last year, crypto security firm Elliptic warned that social engineering attacks targeting crypto projects are on the rise—a growing concern among blockchain investigators and traders who’ve observed a sharp spike in cybercrime this year.
“The Primary Target”
A handful of headlines this year paint a grim picture.
The team behind Solana-based exchange Drift was approached at a conference by seemingly well-intentioned businesspeople—and shortly thereafter, the project lost nearly $300 million.
In early April, a hacker deceived HyperBridge, a crypto bridge, into creating uncollateralized tokens, minting $1.2 billion worth of counterfeit cryptocurrency out of thin air.
Days later, one of the industry’s most prominent billionaires—Justin Sun—publicly appealed to the North Korean hackers allegedly behind the Kelp DAO breach, urging them to come forward for negotiations.
Last year, hackers stole a record amount of cryptocurrency. According to DefiLlama data, over $2.5 billion was stolen. So far this year, criminals have stolen $786 million from crypto projects.
While decentralized finance (DeFi) protocols have drawn specific scrutiny, centralized systems—including Coinbase, the largest U.S. exchange—are actually the biggest targets.
Now, hackers have turned renewed attention to DeFi. This fast-moving, experimental sector, once infamous for vulnerabilities and widely believed to have matured, is back in the spotlight for all the wrong reasons.
“Right now, DeFi appears to be the primary target,” Pearl said. “Overall, everything has shifted toward attacking humans—not systems.”
Attacking Humans
What’s driving this surge in thefts? Security experts point to humans as the core failure point.
“The initial intrusion point often begins with a person,” Matt Price, Vice President of Investigations at Elliptic, told DL News, adding that AI is helping bad actors refine their social engineering techniques.
The largest hack in cryptocurrency history—the $1.5 billion breach of crypto exchange Bybit—occurred after attackers impersonated trusted open-source contributors and convinced developers to install malicious software.
This year’s attacks unfolded similarly.
According to blockchain security firm Chainalysis, the Drift Protocol was targeted by hackers who had built rapport with the exchange’s team, posing as members of legitimate trading organizations.
They then tricked Drift employees into signing transactions they didn’t fully understand—handing over administrative control. The hackers walked away with nearly $300 million in assets.
Just an Excuse?
Since the proliferation of better, cheaper AI models, hackers have gained access to more sophisticated tools—and according to some, this has indeed helped.
This week, lawmakers grilled cybersecurity experts during a joint hearing held by the House Subcommittee on Border Security and Enforcement and the Subcommittee on Cybersecurity and Infrastructure Protection. A consensus emerged: hackers are operating more efficiently, leveraging previously inaccessible AI tools to accelerate their work.
Last month, security experts told DL News that cybercriminals are increasingly using AI to scan DeFi protocols for vulnerabilities—and exploit bugs that auditors may have missed.
Others remain skeptical—and argue the AI narrative is merely serving as an excuse.
“The story DeFi is trying to tell is, ‘We’re facing an unimaginable threat—AI—that will find the tiniest, most obscure vulnerabilities,’” said David Schwed, COO of SVRN and a veteran cybersecurity professional in the industry.
“But that’s not true. The reality is: you built something extremely flawed and insecure—and [hackers] are simply finding it faster.”
Schwed, who previously led digital asset product development at BNY Mellon, added that unless DeFi projects begin thinking like traditional financial institutions—putting security first—hacks will continue to occur.