Chonky by ConsenSys Diligence and STRATO: Addressing New AI Threats
April 2026 saw attackers steal $635 million across 28 separate DeFi exploits, the highest monthly incident count ever recorded and roughly four times the total stolen across all of Q1.
The attacks come as AI has made finding smart contract vulnerabilities 100x cheaper, while writing solid code remains expensive.
In response to the new threats, ConsenSys Diligence has built Chonky, a continuous, AI-powered smart contract auditing agent, and has deployed it on STRATO, a real-world-asset platform built around tokenized gold and silver.
Multiple review cycles are already complete, and both teams are working toward a model where Chonky audits STRATO's code on an ongoing basis, alongside development, instead of in fixed windows after the fact.
AI hacks put the future of DeFi at risk
Recent hacks have changed the incentive structure in DeFi. The risk of total loss has increased while yields are barely beating what can be found in traditional finance. Even long-tenured contracts are not safe.
North Korean operators drained $293 million from KelpDAO through a forged cross-chain message on its LayerZero bridge, and $285 million from Drift Protocol after months of relationship-building and a multisig compromise. Sweat Foundation lost $3.5 million on a contract whose core feature had not been updated in seven months.
Point-in-time audits, even good ones, can no longer keep pace. Balancer was hacked after 15 prior audits. Recent trends show that teams need auditing that runs alongside development, not after it.
Without continuous checking for new attack vectors, the risk of total loss will keep outweighing the marginal yield on offer, and DeFi may stall behind a wall of underwriting costs and bespoke coverage requirements that threaten the viability of decentralized finance.
STRATO and Ready: Case studies in AI-powered audits
Among the responses taking shape is Chonky, an agentic auditing tool from ConsenSys Diligence that draws on the accumulated experience of the ConsenSys team, which has been auditing Ethereum infrastructure since 2017.
Chonky scans repositories of any kind, and engineers tailor it to each client's architecture, threat model, and development workflow. Human security engineers validate and guide the agent's findings, combining the speed of AI with judgment built over years of reviewing production smart contracts.
STRATO gave Chonky a hard test. The platform's blockchain core is written in Haskell, a language uncommon in the smart contract auditing world but common in high-assurance environments because its type system catches whole classes of error at compile time.
"Each scan feeds the next," said Sergii Kravchenko, Lead Security Researcher at ConsenSys Diligence. "We end up with an evolving knowledge base specific to STRATO. Instead of starting fresh every audit, the context compounds." STRATO says the iterative scans on the platform have surfaced higher-impact issues with fewer false positives over successive passes, though neither company has published findings to date.
Ready, formerly Argent, is also testing the agent against its smart contract wallet infrastructure. Ready has reason to be cautious about security. The company has a track record of 9 years and 0 hacks since launching in 2017. Its smart contract code is integrated into the Starknet deposit and withdrawal flows of Binance, Kraken, and OKX. Its consumer wallet has crossed 2 million downloads.
For a team whose code sits inside the wallets of three of the largest crypto exchanges, continuous auditing feels like table stakes.
The future of DeFi security is AI
Both STRATO and Ready are working with ConsenSys to implement continuous AI auditing. It's a model ConsenSys is piloting with several other protocols.
"Security has to be an ongoing service, not a product you buy once," said Kieren James-Lubin, CEO of STRATO. "Static audits made sense when DeFi was experimental and code rarely changed. The market has moved on. Code ships faster, attackers move faster, and defenders need AI in the loop to keep up."
Whether AI-native auditing can scale across the industry is still an open question. The STRATO engagement is one of the first real tests, and ConsenSys is hopeful: "This engagement shows where AI-powered security is going," remarked George Kobakhidze, Senior Partner at ConsenSys Diligence, "amplifying expert-driven analysis at scale."
Web3 security best practices are rapidly changing. We don't know what they will look like in 10 years, but we know they will draw on many lessons from recent hacks, incorporate AI, and set a new paradigm for future-proofing protocols.

Dan Burgin