Back to News

AI feared to cause a DeFi hacking wave, but 2026 losses are falling

Dragonfly Capital partner Haseeb Qureshi says decentralized finance platforms have suffered fewer large attacks in 2026, with both total stolen money and typical hack sizes below 2025 levels. The trend challenges warnings that artificial intelligence would enable mass attacks, though AI-assisted phishing and social engineering remain threats.
The much-feared AI-powered hacking wave never arrived. According to Dragonfly Capital’s managing partner Haseeb Qureshi, the total value stolen from DeFi protocols and the median size of each hack are both dropping compared to 2025 levels. That directly contradicts the doomsday narrative that dominated crypto security discussions last year.

Qureshi made the case in a detailed thread on Tuesday. He pointed to on-chain data showing that 2026 has seen fewer large-scale exploits, and the attacks that do occur are smaller on average. The trend, he argues, is clear: the AI “hackpocalypse” was a false alarm.

For months, security researchers and commentators warned that generative AI tools would let attackers find vulnerabilities faster and automate complex exploit chains at scale. The fear was that DeFi – already prone to billions in losses – would become unmanageable. Instead, the numbers tell a different story.

“The median hack size is actually lower than it was in 2025, and total value stolen is trending down,” Qureshi wrote. “AI hasn’t turned into the weapon everyone expected in DeFi.”

That doesn’t mean the threat is zero. AI-assisted phishing and social engineering remain real problems, he noted. But the idea that large language models would let attackers crack smart contracts en masse hasn’t played out in practice. Protocol defenses have improved, bug bounty programs have expanded, and many teams now use AI themselves to audit code before deployment.

The broader implication for traders and DeFi users is straightforward: the security landscape is not deteriorating as feared. If anything, the improvement in metrics could support a bullish case for DeFi adoption – fewer big hacks mean less catastrophic loss of user funds, which tends to reduce panic selling and restore confidence in protocols.

Still, Qureshi cautioned against complacency. The lack of a single “hackpocalypse” event doesn’t mean the next big exploit isn’t coming. He encouraged protocols to keep investing in formal verification and adversarial testing.

For now, the data is on the side of the optimists. The next verifiable checkpoint for this thesis will be the end-of-quarter loss totals published by firms like Chainalysis and Rekt News. If the trend holds through Q3, the AI-hype narrative around DeFi security may finally be buried.

Related news