{"id":17136,"date":"2025-12-02T21:21:20","date_gmt":"2025-12-02T21:21:20","guid":{"rendered":"https:\/\/bitunikey.com\/news\/ethereum-smart-contracts-exploited-by-ai-gpt-5-and-claude-demonstrate-million-dollar-vulnerabilities\/"},"modified":"2025-12-02T21:21:23","modified_gmt":"2025-12-02T21:21:23","slug":"ethereum-smart-contracts-exploited-by-ai-gpt-5-and-claude-demonstrate-million-dollar-vulnerabilities","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/ethereum-smart-contracts-exploited-by-ai-gpt-5-and-claude-demonstrate-million-dollar-vulnerabilities\/","title":{"rendered":"Ethereum smart contracts exploited by AI: GPT-5 and Claude demonstrate million-dollar vulnerabilities"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p>AI agents are now capable of exploiting smart contracts on Ethereum and other blockchains, raising urgent questions about the economic risks of autonomous cyber capabilities. <\/p>\n<div id=\"cn-block-summary-block_fb902d787d46d5491009202881076f0e\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Frontier AI models, including GPT-5 and Claude, exploited smart contracts on Ethereum and other blockchains in simulated tests.<\/li>\n<li>The AI models discovered previously unknown security flaws\u2014called zero-day vulnerabilities\u2014in software (in this case, smart contracts on Ethereum).<\/li>\n<li>Findings highlight the urgent need for proactive AI-powered defense strategies, as AI agents now rival human hackers in identifying profitable blockchain exploits.\u00a0<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>A joint <a rel=\"nofollow\" target=\"_blank\" 
href=\"https:\/\/red.anthropic.com\/2025\/smart-contracts\/?tblci=GiD31qPKzhnp1inZxFz2q78TSaBcgv6qN4nPxiVOebY38yCN1VcomLvpo5nNwYLVATDviEo\">project<\/a> by Anthropic and MATS Fellows used the newly created Smart CONtracts Exploitation benchmark (SCONE-bench) to test AI models against 405 real-world contracts exploited between 2020 and 2025.<\/p>\n<p>In simulated attacks on contracts exploited after March 2025, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 produced exploits collectively worth $4.6 million, demonstrating a concrete lower bound on the potential financial damage AI could cause. Extending the tests to 2,849 recently deployed contracts with no known vulnerabilities, GPT-5 and Sonnet 4.5 uncovered two novel zero-day vulnerabilities, generating simulated profits of nearly $3,700.<\/p>\n<h2 class=\"wp-block-heading\"><strong>SCONE-bench: Quantifying exploits in dollars, not bugs<\/strong><\/h2>\n<p>Traditional cybersecurity benchmarks measure success by detection rates or arbitrary scores, but SCONE-bench evaluates AI exploits in financial terms, providing a more tangible measure of risk. Smart contracts are particularly well-suited for this approach because vulnerabilities can directly translate into stolen funds, and simulations allow researchers to quantify the potential losses.<\/p>\n<p>Over all 405 contracts in SCONE-bench, 10 AI models produced exploits for 207 contracts, totaling $550.1 million in simulated stolen funds. Even accounting for potential data contamination, frontier models consistently demonstrated the ability to exploit contracts beyond their knowledge cutoff dates.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Concrete Examples of AI Exploits<\/strong><\/h2>\n<p>One tested vulnerability involved a token calculator function on an Ethereum-compatible contract that was mistakenly left writable. 
The AI agent repeatedly called the function to inflate its token balance, generating simulated profits of <strong>$2,500<\/strong> and, under peak liquidity conditions, a potential <strong>$19,000<\/strong>. Independent white-hat intervention later recovered the assets.<\/p>\n<p>The research underscores that AI agents are now approaching human-level capability in tasks like control-flow reasoning, boundary analysis, and exploiting software vulnerabilities\u2014a skill set directly applicable to blockchain and traditional software systems alike.<\/p>\n<p>The study emphasizes that AI cyber capabilities are accelerating rapidly, from network intrusions to autonomous exploitation of blockchain applications. SCONE-bench provides a defensive tool, allowing smart contract developers to stress-test systems before deployment.<\/p>\n<p>According to the researchers, the findings are a proof-of-concept that profitable, real-world autonomous exploitation is feasible, highlighting the urgent need for proactive AI-powered defenses to protect financial systems and digital assets.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>AI agents are now capable of exploiting smart contracts on Ethereum and other blockchains, raising urgent questions about the economic risks of autonomous cyber capabilities. 
Summary Frontier AI models, including&hellip;<\/p>\n","protected":false},"author":1,"featured_media":16299,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-17136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/17136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=17136"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/17136\/revisions"}],"predecessor-version":[{"id":17137,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/17136\/revisions\/17137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/16299"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=17136"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=17136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=17136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}