The rising use of artificial intelligence (AI) in decentralized finance (DeFi) is sparking concern in the crypto industry. Manuel Araoz, the creator of OpenZeppelin, has recently shed light on the increased risks AI poses to DeFi protocols, leading to heated online discussions. Araoz notes that AI’s capability to pinpoint security flaws is outpacing current methods, raising alarms among experts.
What makes AI such a formidable adversary?
AI-enhanced tools can uncover weaknesses in established platforms like Aave and Compound more swiftly than traditional approaches. This technological edge gives attackers a significant advantage, allowing them to act faster than security updates can be implemented. Although defenders continuously work to patch vulnerabilities, attackers need only exploit a single flaw to succeed.
Despite thorough security audits, Araoz advises DeFi users to steer clear of permissionless transactions and to use time locks to enhance security. While some stakeholders believe these projects are well-guarded, recent developments have spurred calls for added safety measures.
Why was April a record-breaking month for DeFi breaches?
April witnessed an unprecedented number of DeFi attacks, with incidents totaling an estimated $722 million in losses. Dune Analytics reported that platforms were severely hit by both known threats linked to North Korean hackers and unidentified perpetrators. The majority of these breaches involved vulnerabilities in cross-chain technologies and sophisticated social engineering tactics.
While deficiencies might be anticipated in smaller or newer protocols, even high-profile projects are not immune to these threats, particularly if some functionalities still rely on centralized components. The April-May data paints a clear picture:
- In April, DeFi protocols lost approximately $722.4 million due to bridge vulnerabilities and social engineering.
- May saw a drop to around $44 million, with smaller protocols and flash loan exploits being primary targets.
As May progressed, there was a noticeable decline in attack frequency and impact. The fourteen incidents recorded in the month were relatively small in scale, with THORChain experiencing the most significant breach. Most threats continued to focus on smaller platforms, although warnings lingered over potential issues with flash loans and bridges involving larger projects.
The recent string of attacks led to a substantial decrease in the total value locked (TVL) in DeFi platforms, dropping from over $98 billion in April to about $81 billion by May. Although platforms like Aave retained around $14 billion in funds, they are still striving to recover.
Security experts are calling on DeFi teams to employ AI defensively, suggesting routine cybersecurity drills to boost resilience against AI-driven threats. However, some industry pundits remain skeptical about AI’s ability to fully protect smart contracts, arguing that human errors and centralized system designs are the more common vulnerabilities.
Security officials underline that while AI poses new challenges, the predominant causes of security weaknesses continue to be rooted in human elements and centralization.



