Unverified DeFi contracts linked to $36.7M in losses: Chainalysis
Chainalysis says unverified smart contracts were tied to at least $36.7 million in losses across four DeFi exploits in the past six months. The biggest case was Truebit, which lost $26.2 million after an integer overflow bug was exploited in a contract left unverified on Ethereum since 2021. Other affected protocols included Trusted Volumes, Aperture Finance, and Ekubo. Because the code was not publicly verified, it drew less security review and was excluded from many bug bounty programs. Chainalysis says attackers are increasingly using decompilation tools and AI to reverse-engineer hidden bytecode, making “security through obscurity” less effective. It recommends source code verification, wider bug bounty coverage, and real-time monitoring. The report comes amid broader crypto thefts, including $629.7 million stolen in April, driven mainly by the KelpDAO and Drift Protocol exploits.
