Nearly $1 billion has been drained from crypto protocols in 2026 so far, and a large share of the victims had already cleared external audits before being exploited. The gap is widening as exploit tooling gets faster and cheaper to deploy.
Cecuro, an AI-powered auditing platform, says its detection rate reached 91.45% on EVMBench using roughly 180 specialized agents per audit. The company pitches continuous scanning as a complement to point-in-time audits, which remain the industry baseline but increasingly miss live-edge cases.
Why it matters
Audits are a static snapshot of code at a specific commit. Once a protocol ships, governance changes, integrations, and oracle updates move the attack surface away from what was reviewed. AI-assisted exploit development has compressed the time between vulnerability disclosure and weaponization, raising the cost of relying on audits alone.
Market impact
Protocol teams and treasuries are likely to re-evaluate how much of their security budget goes to pre-deploy review versus continuous monitoring and on-chain anomaly detection. Expect more mandates for real-time scanning tied to upgrade queues, and closer scrutiny of audit firms whose clients keep getting hit.
Frequently asked questions
-
How much has been hacked in crypto in 2026 so far?
Nearly $1 billion has been drained from crypto protocols in 2026 so far, according to the figures cited by Cecuro in its alert.
-
Why do audited protocols still get hacked?
Audits are a static snapshot of code at one commit. After deployment, governance changes, integrations, and oracle updates shift the attack surface away from what was reviewed.
-
What is Cecuro's AI auditing platform?
Cecuro is an AI-powered auditing platform that runs roughly 180 specialized agents per audit. It reports a 91.45% detection rate on EVMBench and pitches continuous scanning alongside traditional audits.
-
What is EVMBench?
EVMBench is a benchmark for evaluating smart contract vulnerability detection on Ethereum Virtual Machine compatible code, used to measure auditor and scanner performance.
-
What should protocols do after a hack if audits passed?
Teams typically reallocate security budget toward continuous monitoring, on-chain anomaly detection, and tighter upgrade governance, and they review whether the original audit firm missed live-edge risks introduced after deployment.