Unverified contracts, not just closed code, are the risk signal

The key risk signal is no longer whether code is open or closed. It is whether it is verified. Over the past six months, at least $36.7 million has been stolen from protocols whose source code was never publicly verified. That makes this more than a niche series of exploits: attackers are targeting contracts that fall outside normal public review.

When source code is not verified, attackers have to work from decompiled bytecode. That used to raise the barrier to entry. Now AI may be lowering it. Once decompiled output is readable enough for LLMs to parse, pattern matching can happen much faster than manual reverse engineering.

AI Helped Steal $36.7M From Unverified Contracts in 6 Months - Why This New Attack Path Matters Now

The practical takeaway for investors and users is straightforward: unverified deployments can still hold millions in user funds, while receiving less public scrutiny, fewer community-driven bug reports, and weaker pre-exploit detection. That combination turns a code-quality problem into a liquidity and trust problem quickly.

Why AI is making the pipeline more dangerous

How the attack workflow may be changing

Once an unverified contract is decompiled, the output is no longer pure obscurity. It becomes logic that LLMs can scan for familiar vulnerability patterns, and that scan can be repeated across many contracts at scale. That does not require human-level intuition. It requires consistent parsing, repetition, and speed.

AI becomes a force multiplier because attackers no longer need a rare specialist to sit on raw bytecode for weeks. A model can help triage decompiled code, flag suspicious control flow, and draft exploit logic faster than a manual review cycle.

Simulation data points to lower skill and cost barriers

The latest simulation work adds context. On contracts that had been exploited in the real world, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 developed exploits collectively worth $4.6 million in the SCONE-bench evaluation. That suggests AI can still extract value from known exploit classes when the code path is recoverable.

The more important signal is on the margin. In simulation, Sonnet 4.5 and GPT-5 uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694 at an API cost of $3,476, evaluated in simulation against 2,849 recently deployed contracts. The dollar amounts are modest today, but the economics matter more than the headline payout.

Bulls will rightly note that these are still lab-style results, not live-chain attacks. The study explicitly tested in blockchain simulators and never ran exploits on live blockchains. Bears will note that the key trend is the fall in analysis cost, time, and skill friction. When decompiled code becomes cheaper and faster to turn into exploit drafts, exploitation stops looking like a boutique craft.

That is also why defense is shifting. Chainalysis is moving from dashboards to AI agents that can execute full workflows, with investigation becoming a machine-speed problem, a shift it described this March. Even as defense scales, the attack surface still expands when contracts are deployed without readable code.

How to price unverified smart-contract risk

The cleanest way to price this risk is to discount protocols that keep core logic unverified, especially where user funds are pooled. Unverified contracts still hold millions in user funds, but they get less public scrutiny, fewer community-driven bug reports, and weaker pre-exploit detection. If those contracts sit under staking, yield, vault, or bridge-like functions, reputation damage and exit-quality deterioration can spread quickly after an exploit.
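One way to operationalize that discount, as an added example that is not the article's own code: screen each contract address for verification status and escalate the finding where the contract's role pools user funds. It assumes the response shape of Etherscan's getsourcecode endpoint; the addresses and responses below are constructed placeholders.

```python
"""Screen contracts for missing source verification. Added example, not the
article's code: it assumes the response shape of Etherscan's getsourcecode
endpoint (empty SourceCode, ABI == "Contract source code not verified" when
unverified); every address and response below is a constructed placeholder."""
from dataclasses import dataclass

UNVERIFIED_ABI = "Contract source code not verified"
# Roles where user funds are pooled: an unverified contract there is worse.
POOLED_FUNDS_ROLES = {"vault", "staking", "yield", "bridge"}

@dataclass
class Finding:
    address: str
    role: str
    verified: bool
    severity: str  # "ok", "medium" or "high"

def is_verified(response: dict) -> bool:
    """True only when the lookup succeeded and returned real source code."""
    result = response.get("result")
    if response.get("status") != "1" or not isinstance(result, list) or not result:
        return False  # a failed lookup counts as unverified, never as safe
    entry = result[0]
    if entry.get("ABI") == UNVERIFIED_ABI:
        return False
    return bool(entry.get("SourceCode", "").strip())

def screen(contracts: list, lookup) -> list:
    """Flag every unverified contract; escalate when it fronts pooled funds."""
    findings = []
    for c in contracts:
        verified = is_verified(lookup(c["address"]))
        severity = ("ok" if verified else
                    "high" if c["role"] in POOLED_FUNDS_ROLES else "medium")
        findings.append(Finding(c["address"], c["role"], verified, severity))
    return findings

# Constructed sample responses keyed by placeholder address.
SAMPLE_RESPONSES = {
    "0xVAULT": {"status": "1", "result": [{"SourceCode": "", "ABI": UNVERIFIED_ABI}]},
    "0xTOKEN": {"status": "1", "result": [{"SourceCode": "contract T {}", "ABI": "[]"}]},
    "0xROUTER": {"status": "0", "result": "Max rate limit reached"},  # API error
}
SAMPLE_CONTRACTS = [{"address": "0xVAULT", "role": "vault"},
                    {"address": "0xTOKEN", "role": "token"},
                    {"address": "0xROUTER", "role": "router"}]

def sample_lookup(address: str) -> dict:
    return SAMPLE_RESPONSES[address]
```

A rate-limited or failed lookup is deliberately reported as unverified rather than skipped, so a screening run cannot silently pass a contract it never actually checked.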

This backdrop is not a niche edge case. Crypto hacking has been a persistent threat, and 2024 saw roughly $2.2 billion stolen across 303 hacking incidents. A diversified crypto portfolio may survive one broken adapter, but repeated exposure to opaque capital pools can compound risk faster than markets price in upfront.

What to watch now

  • Avoid new exposure to yield or staking products whose core contracts are not publicly verified.
  • When tracking losses or attribution, prefer data that has peer-reviewed academic validation and is admissible in U.S. federal court.
  • Treat today's KNPA partnership announcement as a sign that virtual-asset investigation capacity is deepening.