Logo
My Crypto News AI

Why Hackers Are Abandoning Wallet Attacks for Protocol Exploits

Hackers are moving away from targeting individual wallets and instead focusing on vulnerabilities embedded in blockchain protocols themselves, a shift that's costing the crypto industry tens of millions monthly. In July alone, protocol exploits and hacks accounted for $57 million in losses, according to DeFi Llama data, marking a significant change in how attackers operate.

What Changed in Crypto Hacking Tactics?

For years, the most common crypto theft involved hackers compromising individual wallets or exchange accounts. But the landscape has shifted dramatically. In June, over $75 million was stolen from multisig wallets and protocols, yet the methods used to steal those funds have become far more sophisticated. Rather than relying on phishing or password theft, modern attackers are discovering logical flaws buried deep within the code that powers decentralized finance (DeFi) applications, which are financial platforms built on blockchain networks without traditional intermediaries.

The recent wave of exploits reveals attackers using much more varied and technical techniques than in previous years. This suggests a more methodical analysis of vulnerabilities, potentially aided by artificial intelligence tools that can scan code for weaknesses humans might miss. In contrast, earlier DeFi hacks typically targeted well-known attack vectors that affected multiple protocols that had copied the same code from each other.

Which Attack Methods Are Hackers Using Now?

The toolkit for modern protocol exploits has expanded considerably. Attackers are now leveraging a diverse range of techniques to drain funds from blockchain applications:

  • Price Oracle Manipulation: Hackers exploit systems that rely on external price feeds to determine asset values, feeding false data to trigger incorrect transactions.
  • Liquidity Pool Hacks: Attackers target the pools of cryptocurrency that users deposit to enable trading, draining funds by exploiting how prices are calculated within those pools.
  • Governance Attacks: Malicious actors gain voting control over protocol decisions, as happened with Barn Bridge and Bonk DAO, allowing them to unlock treasuries or change critical rules.
  • Flash Loan Exploits: Attackers borrow large sums of cryptocurrency instantly, use it to manipulate prices or drain contracts, and repay the loan within the same transaction, leaving no trace.
  • Broken Signature Verification: Hackers exploit flaws in the cryptographic systems that verify transactions, allowing unauthorized fund transfers.
  • Silent Auto-Approval Vulnerabilities: Attackers trick users into unknowingly granting permission for malicious transactions through front-end manipulation.

These techniques represent a fundamental shift from brute-force wallet attacks to surgical strikes on protocol logic. The sophistication suggests that attackers are conducting deeper analysis of how blockchain applications actually function, rather than simply targeting the weakest security practices.

Which Blockchain Networks Are Being Targeted Most?

Protocol exploits are not distributed evenly across blockchain networks. Instead, attackers are concentrating their efforts on the most liquid and active chains, where stolen funds can be quickly converted to cash. In July, Solana protocols lost over $21 million to hacks, while Arbitrum, one of the most active decentralized finance networks, suffered over $18 million in losses. Ethereum, despite being the most liquid network overall, lagged with just around $7 million in exploits during the same period.

More surprising is the emergence of newer networks as major targets. Base, a newer blockchain, surpassed Ethereum in hack losses with over $14 million stolen in July, while BNB Chain experienced the highest losses of any network at over $36 million. After stealing funds from these secondary chains, hackers typically bridge the stolen cryptocurrency back to Ethereum, where they mix the funds with legitimate transactions to obscure the theft's origin. The ease with which attackers can exploit multiple chains suggests that artificial intelligence may be helping hackers identify vulnerabilities across different blockchain ecosystems more efficiently.

How to Understand the Broader Security Implications?

The shift toward protocol exploits carries serious consequences for the future of blockchain technology, particularly as the industry expands beyond trading tokens into more critical financial infrastructure:

  • Real-World Asset Integration: As blockchain protocols begin handling real-world assets like equities and debt instruments, the threat of hacks becomes exponentially more serious, potentially affecting traditional financial markets.
  • Retail Adoption Risk: The recent addition of retail traders through platforms like Robinhood's blockchain offering means that ordinary investors are now exposed to protocol-level risks they may not understand.
  • Permissionless Design Vulnerability: The core feature of blockchain applications, their permissionless nature, makes them inherently difficult to secure against sophisticated attackers who can interact with protocols without restriction.
  • AI-Assisted Security Arms Race: While artificial intelligence is helping attackers discover vulnerabilities, it is also improving Web3 security, with some protocols now using AI to identify weak spots before hackers do.

The data suggests a complex picture. While protocol hacks are fewer in 2026 compared to the previous year, this may be partly due to some Web3 protocols closing altogether rather than improving security. However, other protocols appear to be successfully preventing exploits by discovering their vulnerabilities before attackers do, indicating that artificial intelligence is becoming a double-edged sword in blockchain security.

The transition from wallet attacks to protocol exploits represents a maturation of the threat landscape. Attackers are no longer content with stealing from individuals; they are now systematically dismantling the infrastructure that underpins decentralized finance. As blockchain technology becomes more integrated with traditional finance through real-world asset tokenization, the security implications of these protocol-level vulnerabilities will only grow more urgent.