Cybersecurity specialists warn that one-time smart contract audits no longer provide sufficient protection. We explain why.
Artificial intelligence is enabling hackers to find vulnerabilities far faster than before. According to CertiK, the crypto industry lost $1.32 billion across 344 incidents in the H1 of 2026. Net losses, after frozen and recovered funds, came to about $1.2B.
Hot topic: Bitcoin Price Can Soar in July If History Repeats, CryptoQuant Says
Attacks on smart contracts older than one year are increasing, indicating a systematic return by attackers to legacy codebases. Experts are urging projects to move from one-time audits to regular security reviews.
Contents
Why Old Contracts Are Becoming Targets
TRM Labs Head of Policy Ari Redbord said that “attack methods evolve faster than an audit conducted on launch day can account for.” The industry, he said, should shift to continuous monitoring rather than relying on one-time checks.
CertiK’s report said projects with legacy infrastructure should treat re-audits as a regular operational requirement. The firm recorded 204 code vulnerability exploits totaling $151.6M, with attacks on contracts older than one year on the rise. This coincides with improvements in automated tools for detecting hidden vulnerabilities in large codebases.
One example is the Zcash blockchain incident. Shielded Labs security engineer Taylor Hornby discovered a critical vulnerability in the Orchard pool using an agent built on Anthropic’s Claude Opus 4.8. The bug had existed from May 2022 until its emergency patch in June 2026.
Read more: AI vs Crypto Smart Contracts — Can AI Replace Code Auditors?
AI Agents Finding $4.6 Million in Vulnerabilities: Anthropic Study
In December 2025, Anthropic published a study on AI agents’ ability to find and exploit smart contract vulnerabilities. On the SCONE-bench benchmark, agents tested 405 real exploited contracts from 2020-2025. On a dataset of vulnerabilities from after the model’s knowledge cutoff, results improved from 2% to 55.88% over the year. The cumulative value of successfully simulated exploits grew from $5,000 to $4.6M.
Anthropic estimated the average cost of scanning a single contract for vulnerabilities at $1.22. As costs fall and agent capabilities grow, the company warned, the window between flawed code appearing and its exploitation will shrink.
Read more: US Lifts Export Restrictions on Anthropic’s Fable 5 and Mythos 5
Shut-Down Protocols Under Attack: Aztec Connect and mySwap
Hackers are increasingly attacking protocols that have already been shut down or restricted. On June 14, an attacker drained about $2.19M from Aztec Connect–a privacy solution discontinued in 2023. Days later, the mySwap DEX smart contract was hacked for about $300,000–despite the platform having stopped accepting new liquidity over six months earlier.
Positive examples exist as well. In May, whitehat hacker 0xflorent helped return 1,003 ETH to 48 Hong Coin ICO investors from 2016, whose funds had been locked for years due to a bug in the automatic return mechanism.
Read more: Claude Helped a User Recover 5 BTC Worth $400K
North Korean Groups and Overall Loss Picture
TRM Labs recorded 207 hacking attacks in the first half of 2026–a record for the firm’s dataset. Total losses came to $972M, less than half the figure for the same period in 2025.
Major infrastructure compromises drove most of the damage–accounting for about 15% of incidents but roughly 76% of stolen assets. North Korea-linked groups stole about $643M, or roughly two-thirds of all stolen funds, with nearly all of that coming from two April attacks on Drift Protocol and KelpDAO.
Learn more: What Is Crypto Cybersecurity? The Ultimate Guide to Protecting Digital Assets
