Dragonfly Partner: AI Has Not Caused a DeFi ‘Hackpocalypse’

3 hours ago 2

Rommie Analytics

 Ai Has Not Caused A Defi ‘hackpocalypse’

Concerns that AI would spark a wave of catastrophic decentralized finance hacks—an era some dubbed a “hackpocalypse”—have not fully materialized, according to Dragonfly managing partner Haseeb Qureshi. Qureshi pointed to 2026 data showing that while incident counts have risen, the average impact per hack appears smaller than in 2025.

His assessment arrives amid broader debate sparked by OpenZeppelin founder Manuel Aráoz, who suggested that most of DeFi remains unsafe as AI coding agents improve at finding smart contract weaknesses. Taken together, the differing views highlight a key tension: AI may be increasing the volume of exploit opportunities, but it may not be translating into the same scale of losses witnessed during previous headline attacks.

Key takeaways

Qureshi says 2026’s hack frequency has hit record highs, but median hack size is below $500,000—down from over $2 million in 2025. He argues AI-driven attackers are focusing on “small protocols and abandonware,” while larger DeFi systems have improved defenses. Some large 2025 and early-2026 outliers—such as the Bybit, Drift, and KelpDAO incidents—still shape how annual loss totals should be interpreted. Even with lower headline losses across H1 2026, CertiK cautions that the industry may not be meaningfully safer, with recent losses concentrated in a few major exploits. North Korean-linked activity remains a persistent driver of high-impact crypto losses, according to CertiK and TRM Labs estimates.

Hackpocalypse fears versus shrinking median losses

Qureshi responded to the widening AI-security debate by pointing to how hack economics may be changing. Although the number of reported incidents has increased and reached a record high, he said the median size of hacks in 2026 has fallen to under $500,000. By contrast, he cited a median above $2 million for 2025.

To Qureshi, that split—more hacks, but typically smaller—suggests malicious actors using AI may be optimizing for easier targets rather than attempting to compromise the most heavily defended protocols. In his framing, the threat is shifting toward smaller teams, poorly maintained projects, and “abandonware” rather than overwhelming the broader security posture of well-resourced DeFi platforms.

He also noted that when analysts exclude certain months dominated by extremely large incidents, the year-to-date loss picture looks less severe than the previous year. Among the outliers he referenced were the February 2025 Bybit hack and 2026 incidents including Drift Protocol and KelpDAO exploits.

Earlier reporting from Cointelegraph on Q2 2026’s most-hacked quarter catalogued a higher incident count, while Qureshi’s follow-up analysis—shared on social media—argued that the scale of typical compromises has not followed the same upward trajectory.

OpenZeppelin’s warning: AI agents can find vulnerabilities faster

The optimism from Qureshi stands in contrast to warnings from Manuel Aráoz, whose comments reflect a different threat model. Aráoz said he considers “all of DeFi unsafe,” pointing to the growing capability of AI coding agents to identify smart contract vulnerabilities.

In practice, this argument does not necessarily predict fewer breaches; it predicts more effective discovery and exploitation of code flaws. That would align with the broader observation that the number of incidents can increase even if the median losses decrease—suggesting that AI may lower the barrier to entry for exploitation, but not guarantee large-scale takeovers every time.

What remains uncertain is whether AI will eventually concentrate attacks on higher-value targets or whether improved defensive engineering by major DeFi ecosystems can consistently keep the hardest targets out of reach. Qureshi’s view implies the latter is happening at least for now, particularly outside of extreme outlier events.

Industry-wide loss trends: down headline numbers, concentrated risk

While Qureshi emphasized DeFi-specific dynamics, broader ecosystem datasets tell a more mixed story. According to DefiLlama, crypto hacks in April totaled around $644 million in losses—an over one-year high last seen in February 2025, when the Bybit hack pushed monthly losses to approximately $1.46 billion. This indicates that even if medians are shrinking, large incidents remain capable of abruptly reshaping monthly totals.

CertiK’s analysis similarly complicates a simple “safer now” narrative. The firm reported that cryptocurrency hacking losses fell 46.8% year-on-year to $1.32 billion in the first half of 2026. However, CertiK told Cointelegraph that lower headline losses do not necessarily mean the industry is safer.

CertiK pointed out that last year’s numbers were heavily distorted by the $1.4 billion Bybit hack, making year-over-year comparisons sensitive to the presence of extreme events. In the second quarter of 2026, the firm said more than 70% of losses originated from the KelpDAO and Drift Protocol exploits—incidents that were largely attributed to North Korean state-sponsored hackers.

This concentration matters for investors and builders because it suggests the risk may be less about day-to-day average losses and more about tail events—periods when a small number of high-impact exploits dominate the damage.

State-linked hacking and the question of whether defenses are keeping pace

Beyond AI’s role in vulnerability discovery, CertiK and other analysts continue to emphasize the ongoing importance of state-linked adversaries. The data cited by Cointelegraph notes that North Korean hackers have stolen more than $6 billion since 2017, while TRM Labs estimated in April that North Korea accounted for 76% of all crypto hack value in 2026 with just two attacks.

For traders and security teams, that framing implies a dual problem. First, AI can potentially increase the number of exploitable weaknesses being identified across the ecosystem. Second, even if many of those weaknesses are in smaller, less defended systems, high-impact compromises may still come from actors with substantial resources and operational discipline.

In that sense, Qureshi’s argument about “small protocols and abandonware” may explain the rise in incident count without matching the scale of the worst-year events. But CertiK’s findings—and the concentration of losses in major exploits—suggest that the most dangerous outcomes are still driven by a limited set of targeted breaches rather than a broad-based wave of uniformly catastrophic failures.

Readers should watch whether 2026’s median decline persists over time and whether more of the high-dollar losses continue to cluster in a small number of major incidents. The key uncertainty is whether AI-driven tooling will eventually shift the balance from low- to mid-impact compromises toward larger, systemic targets—or whether better operational security by the biggest platforms will keep tail risks contained.

This article was originally published as Dragonfly Partner: AI Has Not Caused a DeFi ‘Hackpocalypse’ on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.

Read Entire Article