BlockBeats report: On June 10, blockchain analysis firm Chainalysis released a report stating that attackers are increasingly targeting smart contracts with unverified source code. Over the past six months, at least four DeFi protocols using unverified contracts have been attacked, resulting in combined losses of approximately $36.7 million.
The report states that with the advancement of decompilation tools such as Dedaub and Panoramix, and the ability of large AI models to rapidly analyze decompiled bytecode, attackers can now batch-scan unverified on-chain contracts, automatically identify vulnerabilities such as reentrancy, access control flaws, and arithmetic overflows, and prioritize the most valuable targets for exploitation.
Chainalysis stated that unverified contracts, while making it harder for outsiders to examine the source code, lose the security protections provided by white-hat researchers, community audits, and bug bounty programs. A notable example is the Truebit attack in January this year, where an attacker exploited an integer overflow vulnerability in a contract whose source code had never been publicly verified since its deployment in 2021, stealing approximately $26.2 million.
As AI-assisted vulnerability discovery capabilities continue to improve, the model of relying on code obfuscation for security is rapidly becoming obsolete. Chainalysis recommends that protocol teams treat source code verification as the minimum security standard and enhance real-time on-chain monitoring and bug bounty coverage to reduce potential attack risks.





