PANews reported on June 10th that, according to a Chainalysis report, at least $36.7 million has been stolen in the past six months from protocols whose source code has not been publicly verified, including Truebit, Trusted Volumes, Aperture Finance, and Ekubo. Attackers search for vulnerabilities by decompiling the raw bytecode. AI-assisted exploit development is accelerating this trend, with large language models enabling scalable identification of vulnerability patterns.
Chainalysis points out that unverified contracts lack community scrutiny and are often excluded from bug bounty programs. The barrier to entry for AI-assisted decompilation and vulnerability analysis is rapidly decreasing, allowing attackers to systematically scan thousands of unverified contracts. Protocols should verify all contract code, audit the contracts that are actually deployed, expand bug bounty coverage, and implement real-time on-chain monitoring. Every unverified contract is a potential target for automated scanning, and obfuscation alone is no longer an effective security measure.


