
Attackers Target Unverified Smart Contracts, Stealing $36.7 Million

Severity: High (Score: 67.5)

Sources: Panewslab, Chainalysis

Published: 2026-06-10 · Updated: 2026-06-10

Keywords: smart, attackers, unverified, contracts, target, million, stolen

Summary

In the past six months, attackers have exploited unverified smart contracts, stealing at least $36.7 million from various protocols, including Truebit and Trusted Volumes. The attacks involved decompiling the raw bytecode of these contracts, which lack community scrutiny and are often excluded from bug bounty programs. The Chainalysis report highlights that the barrier for AI-assisted exploit development is lowering, allowing attackers to systematically scan thousands of unverified contracts. A significant incident occurred on January 8, 2026, when an attacker drained $26.2 million from Truebit by exploiting an integer overflow vulnerability in its contract. This trend is likely to continue as the security of unverified contracts remains a concern.

Key Points:

  • Attackers stole $36.7 million from unverified smart contracts in six months.
  • AI tools are facilitating the identification of vulnerabilities in these contracts.
  • Protocols are urged to verify contracts and expand bug bounty programs to enhance security.

Detailed Analysis

**Impact** At least $36.7 million was stolen over the past six months from five DeFi protocols with unverified smart contracts, including Truebit, Trusted Volumes, Aperture Finance, and Ekubo. The attacks affected protocols operating primarily on Ethereum, targeting contracts responsible for holding or managing user funds. The financial losses represent a subset of the broader DeFi theft landscape, with these unverified contracts being a distinct and growing target. The compromised funds directly impact users and protocol liquidity, with potential reputational damage to affected projects.

**Technical Details** Attackers exploited vulnerabilities in unverified, closed-source smart contracts by decompiling EVM bytecode, often using AI-assisted tools to identify exploitable patterns. A notable exploit involved an integer overflow in Truebit's bonding curve contract compiled with Solidity v0.5.3, allowing minting of tokens at near-zero cost. Attackers systematically scanned thousands of contracts, escalating from small to large targets and laundering proceeds through Tornado Cash. Exploits targeted implementation contracts hidden behind verified proxy shells, bypassing traditional source code verification defenses.

**Recommended Response** Protocols must verify all smart contract source code on block explorers and audit the actual deployed contracts, including those added post-audit. Bug bounty programs should be expanded to cover all contracts managing user funds. Deploy real-time on-chain monitoring to detect anomalous contract interactions and implement detection rules for known exploit patterns. Obfuscation is ineffective; defenders should prioritize verification, comprehensive audits, and monitoring over reliance on closed-source code.
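The vulnerability class named above (CWE-190, unchecked arithmetic in a bonding curve contract compiled with pre-0.8 Solidity), as an added illustration that is not Truebit's contract and not code from either source article: a constructed linear bonding-curve token in its vulnerable 0.5.x form beside a checked version. The slope, the per-transaction cap and both contract names are assumptions.

```solidity
pragma solidity ^0.5.3;

// Constructed linear bonding-curve token (not Truebit's code). Pre-0.8 Solidity does
// no overflow checks: every + and * in this contract wraps silently modulo 2**256.
contract VulnerableCurve {
    uint256 public totalSupply;
    uint256 public constant SLOPE = 1e12;         // wei per token per unit of supply (assumed)
    mapping(address => uint256) public balanceOf;

    // Price of `amount` tokens = SLOPE * ((s + a)^2 - s^2) / 2, the integral of a linear curve.
    function costOf(uint256 amount) public view returns (uint256) {
        uint256 newSupply = totalSupply + amount;  // CWE-190: wraps for a large enough `amount`
        return SLOPE * (newSupply * newSupply - totalSupply * totalSupply) / 2;
    }
    function buy(uint256 amount) external payable {
        require(msg.value >= costOf(amount), "insufficient payment"); // passes once cost wraps to ~0
        totalSupply += amount;                     // also wraps; supply stops tracking balances
        balanceOf[msg.sender] += amount;
    }
}
// Minimal checked arithmetic for 0.5.x (same idea as OpenZeppelin SafeMath; >= 0.8 checks by default).
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        c = a + b;
        require(c >= a, "add overflow");
    }
    function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {
        if (a == 0) return 0;
        c = a * b;
        require(c / a == b, "mul overflow");
    }
}
contract HardenedCurve {
    using SafeMath for uint256;
    uint256 public totalSupply;
    uint256 public constant SLOPE = 1e12;
    uint256 public constant MAX_MINT_PER_TX = 1e6; // bound inputs as well as checking arithmetic (assumed)
    mapping(address => uint256) public balanceOf;

    function costOf(uint256 amount) public view returns (uint256) {
        uint256 newSupply = totalSupply.add(amount);                               // reverts instead of wrapping
        uint256 growth = newSupply.mul(newSupply) - totalSupply.mul(totalSupply);  // safe: newSupply >= totalSupply
        return SLOPE.mul(growth) / 2;
    }
    function buy(uint256 amount) external payable {
        require(amount > 0 && amount <= MAX_MINT_PER_TX, "amount out of range");
        require(msg.value >= costOf(amount), "insufficient payment");
        totalSupply = totalSupply.add(amount);
        balanceOf[msg.sender] = balanceOf[msg.sender].add(amount);
    }
}
```

The hardened contract fails closed: a purchase whose arithmetic would wrap reverts instead of being priced at almost nothing, and the input bound keeps the curve within the range the audit actually covered.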

Source articles (2)

  • Unverified Smart Contracts Are a Preferred Target for Attackers — Chainalysis · 2026-06-09
    The crypto security community has long debated whether open-sourcing smart contract code makes protocols safer or simply provides attackers with a roadmap. In practice, the overwhelming majority of ma…
  • Unverified smart contracts become a new target for attackers, with $36.7 million stolen in six months. — Panewslab · 2026-06-10
    PANews reported on June 10th that, according to a Chainalysis report, at least $36.7 million has been stolen in the past six months from protocols whose source code has not been publicly verified, inc…

Timeline

  • 2026-01-08 — Truebit exploited for $26.2 million: An attacker exploited an integer overflow vulnerability in Truebit's unverified smart contract, draining $26.2 million.
  • 2026-06-09 — Chainalysis report published: Chainalysis reported that $36.7 million was stolen from unverified smart contracts over six months, highlighting the growing trend of such attacks.
  • 2026-06-10 — PANews article published: PANews reported on the Chainalysis findings, emphasizing the role of AI in accelerating exploit development against unverified contracts.

Related entities

  • Data Breach (Attack Type)
  • Aperture Finance (Company)
  • Ekubo (Company)
  • Sparkle Protocol (Company)
  • Truebit (Company)
  • Trusted Volumes (Company)
  • Arbitrum (Company)
  • Base (Company)
  • Ethereum (Company)
  • CWE-190: Integer Overflow or Wraparound (CWE)
  • BNB Chain (Platform)
  • GitHub (Platform)
  • Etherscan (Tool)
  • Tornado Cash (Tool)