When Hackers Become State Actors and AI: A Security Self-Assessment Checklist for Crypto Projects in 2026
Chainfeeds Guide:
Over the past decade, the crypto world has spent a great deal of time proving that it is not a Ponzi scheme; in the next decade, it needs to demonstrate with the same determination that it is secure enough to bear serious capital.
Author: On-chain Apocalypse
Opinion:
On-chain Apocalypse: This year, crypto attacks have shown a new kind of symmetry: the number of incidents has decreased, but the destructiveness of each attack has increased significantly. The mid-2025 report released by SlowMist shows that the crypto industry experienced 121 security incidents in the first half of the year—a 45% decrease from 223 incidents in the same period last year. This should be good news, but the losses from these attacks soared from $1.43 billion to about $2.37 billion, an increase of 66%. Attackers are no longer wasting time on low-value targets, but are focusing on high-value assets and high-tech barriers.

Decentralized Finance (DeFi) remains the main battlefield for attackers, accounting for 76% of attack incidents. However, despite the high proportion of incidents (92 cases), losses from DeFi protocols dropped from $659 million in 2024 to $470 million. This trend indicates that the security of smart contracts is gradually improving, with the popularization of formal verification, bug bounty programs, and runtime protection tools building a stronger defense for DeFi. But this does not mean that DeFi protocols are already safe. Attackers have shifted their focus to more complex vulnerabilities, seeking opportunities that can bring greater returns.

Meanwhile, centralized exchanges (CEX) have become the main source of losses. Although there were only 11 attack incidents, the losses reached as high as $1.883 billion, with a single well-known exchange suffering a loss of $1.46 billion—one of the largest single attack incidents in crypto history (even exceeding the $625 million Ronin incident). These attacks did not rely on on-chain vulnerabilities, but stemmed from account hijacking, internal privilege abuse, and social engineering attacks.

This "efficiency gap" has also led to a polarization of attack targets:
DeFi battlefield: technology-intensive—attackers need to deeply understand smart contract logic, discover reentrancy vulnerabilities, and exploit flaws in AMM pricing mechanisms;
CEX battlefield: privilege-intensive—the goal is not to crack the code, but to gain access to accounts, API keys, and multi-signature wallet signing rights.

At the same time, attack methods are also evolving. The first half of 2025 saw a series of new types of attacks: phishing attacks exploiting the EIP-7702 authorization mechanism, investment scams using deepfake technology to impersonate exchange executives, and malicious browser plugins disguised as Web3 security tools. A deepfake scam ring busted by Hong Kong police caused losses of over HK$34 million—the victims thought they were video chatting with real crypto influencers, but in fact, the other party was an AI-generated virtual persona.