Firepan Report Finds $3.3 Billion Lost to Web3 Exploits in 2025, Revealing Critical Gaps in Smart Contract Security

New research shows nearly half of exploited protocols had undergone audits, highlighting the need for continuous, AI-driven security approaches

Firepan, an AI-powered smart contract security platform, today released a new industry report, The $3.3B Blind Spot: Why Web3 Security Is Broken (and Why AI Is About to Fix It), examining the growing disconnect between traditional security practices and the evolving threat landscape in Web3.

The report finds that Web3 protocols lost an estimated $3.3 billion to exploits in 2025, underscoring systemic challenges in how smart contract security is approached. Notably, nearly half of the exploited protocols had previously undergone security audits, raising concerns about the effectiveness of audits as a primary line of defense.

The full report is available at:
https://drive.google.com/file/d/1S88E1ao6mrzwH6BvSrJLMfpY1mFRvz-a/view

In addition, the report estimates that more than 80% of deployed smart contracts have never been audited, leaving a significant portion of the ecosystem exposed to vulnerabilities.

"Web3 didn't fail because of bad code - it failed because of a broken security model," said Ian Kane, Co-Founder of Firepan. "Smart contracts are dynamic systems, but audits are static. That mismatch is being exploited at scale."

Key Findings

  • $3.3 billion lost to Web3 exploits in 2025

  • 80%+ of smart contracts have never been audited

  • Nearly 50% of exploited protocols had previously undergone audits

  • Rapid growth in AI-assisted attack methodologies

Audits and the Rise of AI-Driven Attacks

According to the report, the industry's reliance on point-in-time audits is increasingly misaligned with how modern attacks are executed. While audits provide valuable insights at a specific moment, smart contracts continue to evolve after deployment, creating new potential vulnerabilities.

At the same time, attackers are leveraging automation and AI to identify and exploit weaknesses more quickly and at greater scale than ever before.

"Attackers are already using AI to identify vulnerabilities in minutes," Co-Founder Gerrit Hall added. "Meanwhile, most teams rely on audits that were completed weeks or months earlier."

Proprietary Analysis Highlights Persistent Risk

The report also includes findings from Firepan's internal analysis using its HOUND scanning engine.

In a sample of previously audited smart contracts, Firepan identified 17 exploitable vulnerabilities in contracts labeled as "safe" by third-party auditors. In several cases, these contracts had undergone multiple audits prior to analysis.

These findings suggest that while audits remain an important component of security, they may be insufficient as a standalone solution in rapidly changing environments.

Toward Continuous, AI-Driven Security

Firepan's report concludes that Web3 security must evolve from static assessments to continuous monitoring and detection.

Rather than replacing audits, the report recommends supplementing them with systems that:

  • Continuously scan codebases and deployed contracts

  • Integrate directly into developer workflows

  • Detect vulnerabilities prior to deployment

  • Adapt to emerging attack patterns in real time

"Audits are not going away," said Gerrit Hall. "But treating them as the primary layer of defense is no longer sufficient in an environment where threats are continuous."

About the Report

The $3.3B Blind Spot: Why Web3 Security Is Broken (and Why AI Is About to Fix It) is based on aggregated industry data, exploit analysis, and proprietary research conducted by Firepan.

About Firepan

Firepan is an AI-powered smart contract security platform built for continuous protection in Web3. Its core scanning engine integrates directly into developer workflows to analyze code on every commit - identifying vulnerabilities before they reach production. Unlike traditional security approaches that rely on point-in-time audits, Firepan provides ongoing monitoring and detection designed to keep pace with rapidly evolving codebases and AI-driven threats.

For more information, visit https://firepan.com.

Media Contact
[email protected]
https://firepan.com

SOURCE: Firepan

Tags: AI, artificial intelligence, blockchain, crypto, cryptocurrency, security, smart contracts


About Firepan

Firepan is an institutional-grade Web3 infrastructure enabling tokenization and on-chain issuance of real-world assets (RWAs) such as art, real estate, and credit. Designed for asset managers, funds, and financial institutions, Firepan integrates customizable smart contracts, multi-chain deployment, KYC/AML, and real-time cap table management into a seamless minting infrastructure. Its regulatory-first architecture supports offerings under various regulated frameworks, while providing interoperable compliance modules, secondary market readiness, and lifecycle asset tracking. Firepan empowers institutions to bridge traditional finance with blockchain through secure, scalable, and compliant asset tokenization.

Firepan
209031 Decora Drive
Cornelius, NC 28031
United States