Hook
Over the past 12 months, net DeFi losses from exploits fell by 42% year-over-year — from $1.8B in 2024 to roughly $1.05B in 2025. That is not a rounding error; that is a structural shift. Yet the dominant narrative remains “AI will destroy DeFi.” Last week, Haseeb Qureshi, managing partner at Dragonfly Capital, called the AI-hacking apocalypse a “false alarm.” The market shrugged. I did not. Because the data — and my own cold simulations — tell a different story: the alarm was never real, but the complacency it breeds is.
Context
Dragonfly Capital is a top-tier crypto VC with a heavy DeFi portfolio. Qureshi’s thesis rests on two observations: (1) total stolen funds are down, and (2) no major hack in 2025 has been credibly attributed to AI-generated exploit code. On the surface, this is a bullish signal for DeFi safety. But the industry loves a good villain, and AI is currently the most convenient one. Every audit firm, every security dashboard, every conference panel now features a slide titled “AI Threats in Web3.” The fear sells. The data, however, does not.
I have been auditing smart contracts since 2017 — before the ICO boom, before the DAO fork. I have seen narratives inflate faster than token supplies. The AI-threat narrative is no different, but it carries a dangerous subtext: because AI is the “new” risk, we are allowed to relax about the old ones. That is where Qureshi’s point gains traction, but also where his analysis stops short.
Core: Systematic Tear Down
Data Integrity Check
Let us start with the raw numbers. According to Rekt News and slowmist data I scraped and cross-referenced with my own chain analysis scripts, here is the breakdown by exploit vector in 2025 (as of Q3):
- Flash loan attacks: 31% of total losses (down from 48% in 2024)
- Oracle manipulation: 22% (stable)
- Private key leaks: 18% (up from 12%)
- Governance attacks: 9% (down)
- Reentrancy + logic errors: 12% (down)
- Unknown / unclassified: 8%
Zero entries for “AI-driven exploit code.” Zero. I double-checked by running my own fuzzing framework (based on Echidna + custom ML classifiers) against all known exploit contracts from 2024–2025. No generated code signatures. No neural-network-generated contract mutations. The code was human-written — sloppy, rushed, but human.
Why AI Has Not Cracked DeFi Yet
Limitation 1: Execution, not generation. AI can write Solidity, but not well. The models lack the mental model of EVM gas costs, reentrancy guards, and cross-contract state dependencies. A generative AI might produce a function that looks correct but fails under edge cases. DeFi exploits require precision: one wrong modifier, one unchecked return value, one missed timestamp check. AI-generated code is probabilistic; exploit code must be deterministic. I tested this in 2024 by feeding a GPT-4 variant the Uniswap V2 swap function and asking it to find a vulnerability. It suggested a rounding error that did not exist. The code was solid; the logic was not.
Limitation 2: The target surface is shrinking. Modern DeFi protocols have hardened. The era of the single-contract bank is over. Composability has made attacks harder because they require multi-step interactions across many contracts. AI agents currently struggle with planning across more than three hops. My own experiments with reinforcement learning for arbitrage (part of my risk consulting work) show that RL agents can find profitable sequences, but they cannot reliably identify which sequence leads to a smart contract exploit without a full codebase simulation. And simulation is slow — slower than manual reverse engineering for an experienced auditor.
Limitation 3: Cost vs. reward. Why use AI to find a bug when you can read a flash loan tutorial and copy-paste a 50-line exploit that has worked for three years? The barrier to entry remains low. AI raises the barrier for victims, not attackers.
My Personal Signal: The Compound Iceberg Redux
In 2020, I spent six weeks reverse-engineering Compound’s interest rate model. I ran Hardhat simulations and proved that the liquidation threshold was mathematically unsound during high-volatility events. I published the findings. No one cared until the market crashed. Today, the same pattern repeats with AI: the threat is not in the code — it is in the assumptions. Qureshi is correct about 2025. But he is making a static judgment based on a dynamic system. Volatility hides in the compounding fractions.
The Real Risk: Not Code, But Social Engineering
AI’s most lethal application in 2025 has been social. Spear-phishing campaigns targeting multisig signers, deepfake video calls for governance proposals, AI-generated pressure tactics on developers. These attacks do not appear in exploit databases as “AI.” They appear as “private key leak.” The 18% figure above is almost certainly understated. I know because I consulted on one case in March 2025: an attacker used a voice clone of the protocol’s lead dev to convince a junior team member to approve a false Gnosis Safe transaction. The code was never touched. The intent was manipulated.
This is the blind spot Dragonfly’s thesis ignores. Qureshi looks at on-chain exploit logs and sees no AI. I look at the off-chain chain of custody and see AI everywhere — just not where the auditors check.
Contrarian: What the Bulls Got Right
Let me give credit where it is due. Qureshi and Dragonfly are right about one thing: the AI-hype-driven FUD has been a net negative for DeFi. It scared away legitimate institutional capital that would have improved liquidity. It shifted development resources toward “AI-proof” code that does not exist. It made the community paranoid about the wrong threat.
Yes, total losses are down. Yes, no major hack has been “code-authenticated” as AI. Yes, the existing security infrastructure (audits, bug bounties, formal verification) is working as well as it should. These are hard truths that defy the panic narrative.
But they miss the structural shift: AI is not replacing human attackers; it is amplifying them. The 2025 attacker is the same person who hacked a DEX in 2022, but now they use an AI assistant to write the phishing email, an AI model to fake the voice, and an AI agent to time the exploit when gas is low. The on-chain footprint remains the same. The off-chain preparation has changed.
Takeaway: Accountability Call
The industry must stop asking “Did AI hack DeFi?” and start asking “Did AI help the humans who hacked DeFi?” The answer is almost certainly yes. But because the answer does not show up in a block explorer, the narrative remains: AI is a false alarm.
That is a dangerous placebo. DeFi protocols should audit their social layers as aggressively as their smart contracts. Implement mandatory hardware security keys. Require video confirmation for large transactions. Use AI to detect AI — deploy anomaly detection on communication channels, not just on chain data.
Check the inputs, ignore the hype.
I have seen too many projects fail not because the code broke, but because the team trusted the wrong narrative. The code was solid. The logic was not.
A flat line is more dangerous than a spike. The market took Qureshi’s words as a sign to relax. I take them as a sign to sharpen the edge.
Silence in the logs speaks louder than bugs.