Haseeb Qureshi, a managing partner at crypto venture capital firm Dragonfly, has projected that annual decentralized finance (DeFi) hack losses will shrink in 2026 compared to 2025, pushing back against widespread anxiety that artificial intelligence (AI) could supercharge crypto theft. His forecast offers a cautiously optimistic view of the sector’s security trajectory.
More incidents, smaller losses
According to Qureshi, the number of attacks on DeFi protocols is actually rising, but the average financial damage per hack is steadily falling. Hackers are increasingly zeroing in on smaller, weakly protected, or dormant platforms, while the largest, most fortified protocols that hold the bulk of user assets continue to harden their defenses. Losses tied to compromised admin keys and multisignature wallets have also declined, a sign that operational security across the industry is maturing.
AI fears remain unrealized
Despite persistent fears that AI could automate vulnerability discovery or execute adaptive attacks, Qureshi notes that no catastrophic AI-driven hack occurred in 2025, and current AI models still lack the ability to reliably break top-tier DeFi defenses at scale. Security teams are nevertheless deploying AI-powered defensive tools to spot anomalies and patch vulnerabilities faster, turning the arms race into a battle of automation on both sides.
Implications for users and investors
The shrinking average loss per hack is a positive signal for DeFi’s health: high-value assets are becoming safer, and best practices are becoming standard among serious projects. Users should stick with established, audited protocols instead of chasing high yields on unaudited or anonymous platforms. For investors and builders, the trend suggests the financial impact of hacks is being contained, which could lower the risk premium on DeFi investments and attract more institutional capital.
Qureshi’s outlook, shared by WuBlockchain, reinforces a picture of a maturing DeFi security landscape where the anticipated AI crisis has yet to arrive, giving the sector time to develop robust, automated safeguards for the future.