<\/p>\n
The crypto hacks came a little over two weeks apart in April, netting the attackers almost $600 million in total while triggering an investor exodus from one major platform and causing another to fail.<\/p>\n
But for all the damage the two exploits wrought, what most alarmed cybersecurity experts was how the hackers pulled them off. The attackers \u2014 widely believed to be North Korea-linked groups \u2014 appear to have used artificial intelligence to select targets and design exploits, according to blockchain forensics firm TRM Labs.<\/p>\n
The heists displayed such a leap in sophistication that it\u2019s highly likely the hackers worked with the help of AI, said TRM investigator Nick Carlsen, who specializes in North Korean crypto crime.<\/p>\n
AI in criminal hands would mark a sharp escalation of the threat facing crypto, which has lost billions of dollars to hacks over the past few years. The industry is uniquely exposed to digital theft because of the nature of the blockchain infrastructure it operates on.<\/p>\n
Investors yanked some $9 billion in two days from a lending protocol used to launder proceeds from one of the April hacks, showing how quickly confidence can vanish even when the platform itself isn\u2019t the target.<\/p>\n
\u201cThere is no room for error in security\u201d now, said Nicholas Smart, chief intelligence officer at blockchain investigations firm Crystal Intelligence.<\/p>\n
Hanging over it all is Mythos, the AI model Anthropic PBC has withheld from wide release over its cybersecurity risks. While there\u2019s no evidence the hackers had access to it, researchers say it\u2019s only a matter of time before criminals obtain more powerful AI tools. And Anthropic\u2019s own research shows that even existing agents are highly capable of exploits.<\/p>\n
Decentralised finance, a $130 billion corner of the industry where investors trade, borrow and lend cryptocurrencies over automated protocols, has become particularly vulnerable. The number of DeFi exploits soared to a record in April, almost doubling from the previous month. That\u2019s prompted a rush among projects to strengthen their defenses against the onslaught.<\/p>\n<\/p>\n
While most of the exploits were small, the jump shows how cybercriminals are getting better at scanning software for weaknesses and quickly designing exploits \u2014 in all likelihood, experts say, with the help of widely available AI models.<\/p>\n
ADVERTISEMENT<\/p>\n
CONTINUE READING BELOW<\/p>\n
Determining whether hackers are using AI isn\u2019t an exact science, according to over half a dozen cybersecurity researchers interviewed for this article. Rather, investigators draw conclusions based on the sophistication of an attack, the methods used, and the perceived difficulty of identifying the target. The abrupt rise in heists is in itself a clear indicator that hackers are deploying AI, they said.<\/p>\n
\u201cWith AI, the cost of vulnerability detection is trending to zero,\u201d said Aneirin Flynn, chief executive officer of security audit firm Failsafe. The time it takes for hackers to identify a weakness in a blockchain protocol has been compressed from months to days or even hours using AI, he said.<\/p>\n
The cybersecurity threat from AI isn\u2019t unique to crypto. In November, Anthropic said attackers manipulated its Claude model in an attempt to infiltrate roughly 30 entities including big technology companies, financial institutions and government agencies and \u201csucceeded in a small number of cases.\u201d It didn\u2019t name the targets.<\/p>\n
When Anthropic executives discovered that Mythos was far more capable of cyberattacks than earlier models, they chose to initially limit its release to a handful of global tech giants so that they could test it against their own products. Major banks have also started testing Mythos.\u00a0\u00a0<\/p>\n
Patchwork of code<\/p>\n
DeFi, however, appears especially at risk. Unlike in traditional finance, oversight remains fragmented. Banking watchdogs routinely stress-test large lenders\u2019 cyber defenses to ensure resilience. Banks can block suspicious transfers; transactions over blockchains can\u2019t be reversed, and hackers have myriad ways of moving stolen funds out of reach.<\/p>\n
DeFi \u2014 which has become popular among crypto investors seeking yield \u2014 is essentially a network of interoperable, blockchain-based protocols that employ self-executing code known as smart contracts to let users move and deploy cryptoassets without relying on centralized intermediaries. Resources for investing in cybersecurity vary significantly between projects.<\/p>\n
That leaves hackers with a wide array of potential targets to strike. It also means the aftershock of a heist can ripple through the ecosystem, leaving other companies exposed too.<\/p>\n
Taken together, the two big hacks in April illustrated both dangers. The first targeted a derivatives exchange called Drift Protocol and drained over $280 million. In a postmortem published days after the attack, Drift said the hackers spent months building a relationship with its contributors, masquerading as a quantitative trading firm. They then tricked employees into authorizing malicious transactions.<\/p>\n
Other aspects of the heist were equally ambitious. The hackers manufactured a fictitious token and created an inflated trading record to trick Drift\u2019s protocols into treating it as legitimate collateral.<\/p>\n
Drift was forced to shut down and plans to relaunch itself after receiving an infusion of stablecoins from Tether. Another DeFi project called Carrot, which had exposure to the Drift platform, announced April 30 that it was shuttering because of the incident.<\/p>\n
ADVERTISEMENT:<\/p>\n
CONTINUE READING BELOW<\/p>\n
1\/ Carrot is shutting down<\/p>\n
This is certainly not the outcome we wanted, but the situation with the Drift exploit, has proven to be catastrophic for our continued operations.<\/p>\n
\u2014 Carrot (@DeFiCarrot) April 30, 2026<\/p>\n
The second one struck Kelp DAO, where the hackers targeted a software protocol known as a \u201cbridge\u201d that helps connect different blockchains. Some aspects of the heist \u2014 which netted almost $300 million \u2014 aren\u2019t fully understood, but the aftermath was much more damaging because of how the hackers laundered the proceeds.<\/p>\n
In a novel approach, they used most of the loot as collateral for borrowing on Aave, the biggest DeFi lending protocol. That, in turn, sparked fears of worthless collateral on Aave and a rush for the exit among depositors that spread to other platforms with no links to the hack. Aave ended up needing a rescue.<\/p>\n
The Drift and Kelp DAO hacks differed in several ways; for instance, the former seemed to rely more heavily on social engineering, where hackers trick humans into giving them access to private systems. But their ingenuity went far beyond previous attacks, experts said, leading some to suspect the hackers relied on AI to help with elements like planning and design.<\/p>\n
\u201cI highly suspect that North Koreans used AI to engineer both\u2019 hacks, \u2018 \u201d said Nick Carlsen, a former FBI analyst who is now an investigator at TRM Labs. \u201cThis is all stuff North Korea never used to do.\u201d<\/p>\n
There have been some attempts to test existing AI agents\u2019 skills in detecting blockchain vulnerabilities and designing hacks. In December, Anthropic published research that showed more than half of blockchain exploits carried out in 2025, \u201cpresumably by skilled human attackers,\u201d could have been done autonomously using AI.<\/p>\n
What Anthropic called \u201cpotential exploit revenue\u201d had been doubling every 1.3 months, and the cost of a hack had fallen precipitously, the researchers found. \u201cProfitable autonomous exploitation can happen today,\u201d they wrote.<\/p>\n
ADVERTISEMENT:<\/p>\n
CONTINUE READING BELOW<\/p>\n
Anthropic declined to comment on whether it has repeated the experiment using Mythos.<\/p>\n
Another test was carried out by two engineers at a16z, the biggest crypto venture capital firm. The results were mixed: An AI trained by analyzing past DeFi hacks \u201calways found the vulnerability\u201d in a given protocol, but wasn\u2019t able to fully design a profitable exploit, Daejun Park and Matt Gleason wrote in an April 28 blog post.<\/p>\n
They noted that the experiment was done before Anthropic unveiled Mythos, and said they plan to test the model \u201conce we get access.\u201d<\/p>\n
Building defenses<\/p>\n
Inside crypto, the urgency to confront hacking is mounting. Failsafe CEO Flynn said several clients are installing software that continuously scans multiple devices connected to a network, from laptops to mobile phones, and is capable of detecting suspicious patterns and alerting managers to potential threats.<\/p>\n
Yuan Han Li, a partner at crypto VC firm Blockchain Capital, has called for increased use of circuit breakers that would pause or limit transactions beyond a certain threshold \u2014 essentially buying more time to respond to an exploit. One trading venue called Jupiter has a similar solution in place, which it is rolling out more widely, according to co-founder Siong Ong.<\/p>\n
Aave is expanding its risk framework for collateral to include cybersecurity factors, Linda Jeng, the lending platform\u2019s chief legal and policy officer, said last week.<\/p>\n<\/p>\n
Any effort to thwart North Korea-affiliated hackers armed with AI is ultimately doomed to fail, according to TRM\u2019s Carlsen. As he sees it, the only solution is to turn the tables on cybercriminals and deploy their own methods to take stolen crypto back.<\/p>\n
\u201cYou don\u2019t win this kind of campaign playing defense\u201d against attackers, he said. \u201cThey need to be hacked.\u201d<\/p>\n
\u00a9 2026 Bloomberg<\/p>\n
#AIhacking #threat #pushes #130bn #crypto #sector #brink<\/p>\n","protected":false},"excerpt":{"rendered":"
The crypto hacks came a little over two weeks apart in April, netting the attackers…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[12128,12127,3867,610,3298,1529,2437],"_links":{"self":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts\/6391"}],"collection":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6391"}],"version-history":[{"count":0,"href":"https:\/\/stock999.top\/index.php?rest_route=\/wp\/v2\/posts\/6391\/revisions"}],"wp:attachment":[{"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stock999.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}