Dragonfly: Concerns about a wave of AI-based DeFi hacks have been exaggerated

Predictions that artificial intelligence would trigger an avalanche of attacks on DeFi protocols have not yet materialized. Haseeb Qureshi, managing partner at venture firm Dragonfly, notes that despite a record number of incidents, the median damage from hacks in 2026 has dropped to below $500,000. For comparison, a year earlier, this figure stood at $2 million.
Shift in Attack Focus: From Giants to "Dead" Projects
In my observation, attackers using AI are increasingly targeting small or abandoned DeFi projects. Major protocols such as Aave, Uniswap, or Compound have significantly strengthened their defenses over the past two years by implementing multi-layered audits and real-time monitoring systems. This makes them unattractive for attacks using generative models, which are only effective against poorly secured smart contracts.
The decline in median damage is not a sign of a weakening threat, but rather a signal of risk redistribution. Small projects, often with low liquidity and no professional audit, become "easy prey." However, their hacks rarely attract the attention of regulators or major media, creating an illusion of security in the sector.
Analytical Conclusion
The current situation shows that AI has not become a "DeFi killer," but rather a tool for opportunistic attacks. The market has adapted: major players have built defenses, while small projects remain vulnerable. I predict that in the next 12-18 months, we will see an increase in attacks on new tokens and low-capitalization liquidity pools, where using AI to find vulnerabilities will be most cost-effective. Investors should prioritize audit and team transparency, rather than simply following the hype.