Fears that artificial intelligence would spark widespread catastrophic breaches in decentralized finance have not come true, according to Dragonfly managing partner Haseeb Qureshi. Dragonfly is a prominent venture capital firm focused on crypto and Web3 projects. Qureshi stated that although the number of DeFi incidents has reached a record high, the median size of exploits has shrunk to less than $500,000 in 2026, down sharply from over $2 million in 2025. He explained this trend by noting that malicious actors using AI seem to be increasingly targeting minor projects and neglected platforms, rather than established protocols that have improved their defenses.
Industry response and security concerns
Qureshi’s remarks follow concerns from Manuel Aráoz, founder of OpenZeppelin, a blockchain security company. Aráoz has expressed deep skepticism about DeFi’s safety due to advancements in AI code analysis, warning that smart contracts remain highly vulnerable to exploitation by automated tools. Despite technical improvements in security, he maintains that fundamental risks are still present across the sector.
Broader data from industry trackers reveal a more complex picture. Incidents affecting centralized platforms, wallet breaches, phishing attempts, and DeFi exploits drove crypto losses to approximately $644 million in April, making it the highest monthly total in more than a year. The last comparable peak was in February 2025, when the Bybit incident caused monthly losses to spike to $1.46 billion, according to data from DefiLlama.
Despite record-high incident counts, the median hack size in DeFi has fallen below $500,000 this year, a marked reduction from over $2 million in 2025.
Mini dictionary: OpenZeppelin is a software development and security firm that provides open-source tools and services for blockchain projects, with a particular focus on smart contract security in the DeFi sector.
Crypto thefts in 2026 and key risk factors
Blockchain security company CertiK reported that losses from cryptocurrency hacks declined by 46.8% year-on-year to $1.32 billion in the first half of 2026. CertiK cautioned, however, that falling overall losses may not signal improved industry security. The company noted that last year’s figures were significantly inflated by the $1.4 billion Bybit breach, which remains the largest crypto hack on record.
CertiK emphasized that the reduced monetary losses during the first half of 2026 should not be misconstrued as a sign that the Web3 ecosystem is fundamentally safer.
TRM Labs, a blockchain intelligence firm, reported that North Korean hackers remain a significant threat to the sector, having stolen more than $6 billion in cryptocurrencies since 2017. This persistent threat underscores the ongoing security challenges facing both decentralized and centralized platforms.
| Period | Total Crypto Losses | Notable Hacks | Median Hack Size |
|---|---|---|---|
| 2025 (Full Year) | $2.5 billion+ | Bybit ($1.4B) | $2 million+ |
| H1 2026 | $1.32 billion | Drift Protocol, KelpDAO | <$500,000 |
| April 2026 | $644 million | Multiple | N/A |
Ongoing risks and regulatory investigations
Despite the relative decline in headline losses, experts stressed that DeFi platforms remain exposed to risks, particularly from sophisticated attackers using automated or artificial intelligence tools. Recent law enforcement actions also highlight the threats posed by cybercriminal organizations. In April, Belgian police arrested an individual believed to lead a phishing group responsible for stealing $572,000 worth of cryptocurrencies.
Elsewhere, the resilience of major DeFi projects and the shifting tactics of hackers underscore the need for continued vigilance. Although well-established protocols have boosted their security, smaller and abandoned projects now attract a disproportionate share of attacks.
Analysts suggested that industry participants and users remain cautious, given the evolving threat landscape and the demonstrated ability of both AI-driven and human actors to exploit vulnerabilities at scale.




