AI Agents Expose $550 Million in Blockchain Smart Contract Flaws

Anthropic, a leading artificial intelligence research firm, has released findings that show the evolving risks to cryptocurrency blockchain networks. Advanced AI models demonstrated the ability to identify and exploit flaws in smart contracts, simulating multimillion-dollar losses in controlled tests. This development comes at a time when as decentralized finance continues to expand, drawing greater scrutiny to the robustness of it's underlying code.

The report details experiments conducted in a simulated blockchain setting, where AI agents targeted contracts with known exploits from after March 2025. Models such as Claude Opus 4.5 and Claude Sonnet 4.5 processed 34 such contracts and successfully breached 17, resulting in the virtual theft of $4.5 million in funds. These tests focused on real-world scenarios to gauge the practical reach of AI-driven attacks, revealing how quickly automated systems can navigate complex code paths.

To broaden the assessment, Anthropic created SCONE-bench, a dataset of 405 contracts deployed from 2020 to 2025 on platforms including Ethereum, BNB Smart Chain, and Base. When evaluated against this collection, ten frontier AI models exploited 207 contracts, amassing $550 million in simulated gains. The benchmark emphasizes economic impact over mere bug detection, using historical token values to quantify potential harm from each breach.

Beyond replaying past incidents, the reported study pushed AI capabilities further by assigning Sonnet 4.5 and GPT-5 to review 2,849 newly deployed contracts free of documented weaknesses. These scans, performed on October 3, 2025, uncovered two zero-day vulnerabilities capable of yielding $3,694 in exploits. Such discoveries point to AI's role in proactive threat hunting, even against untouched codebases.

Common issues flagged in the analysis included authorization errors that permitted unauthorized fund withdrawals, unprotected functions vulnerable to token supply manipulation, and gaps in validation logic for fee handling. These flaws, often subtle, highlight persistent challenges in smart contract design despite years of industry experience. Developers must now contend with tools that can probe code at speeds unattainable by humans.

Balancing AI Threats and Defensive Opportunities in Blockchain

The report notes a stark trend: over half of 2025's blockchain exploits, typically attributed to expert human operators, could now unfold through autonomous AI agents. This shift reflects rapid progress in model performance, with simulated exploit revenues doubling every 1.3 months across the prior year. As computational costs decline, the barrier to deploying such agents lowers, enabling broader scans of even peripheral systems like outdated libraries or niche APIs.

Anthropic's analysis extends beyond DeFi to warn of wider software risks, where similar reasoning skills could target traditional infrastructure. In one illustrative case from November 2025, a Balancer protocol flaw allowed a $128 million drain via a permissions bypass, a tactic AI agents replicated in simulations. The firm's red team, in collaboration with MATS scholars, stressed that these results stem from deliberate capability evaluations, not speculative fears.

Yet the research frames AI as a dual-force in security landscapes. The same agents that expose risks can fortify defenses by automating vulnerability scans and code audits. Anthropic plans to release the SCONE-bench dataset as open-source, equipping builders with a standardized tool for rigorous testing. This move aims to accelerate patching efforts and foster collaborative improvements in smart contract resilience.

This could be a pivotal moment for developers and protocol teams. With AI integration accelerating at break neck speed, protocols may soon embed automated checks into deployment pipelines, mirroring practices in conventional software engineering. Early adopters could gain an edge in attracting liquidity, as users prioritize platforms with verifiable safeguards.

The findings arrive amid a surge in blockchain activity, where total value locked in DeFi protocols surpassed $200 billion by late 2025. Regulatory bodies, including the U.S. Securities and Exchange Commission, have ramped up oversight of smart contract audits, often mandating third-party reviews for high-stakes deployments. Anthropic's work aligns with calls from groups like the Ethereum Foundation for enhanced simulation tools to stress-test code under adversarial conditions.

The trajectory suggests AI will redefine security paradigms across crypto ecosystems. Developers face pressure to evolve auditing methods, perhaps incorporating AI-assisted formal verification to catch elusive bugs early. As models like Opus 4.5 continue to refine their exploit strategies, the onus falls on the community to harness these technologies for protection rather than peril.