AI Agents Exploit Smart Contracts to Steal Millions in Crypto
Researchers develop AI system that autonomously finds and exploits vulnerabilities in cryptocurrency smart contracts, potentially yielding high returns.
Researchers from University College London (UCL) and the University of Sydney (USYD) have developed an AI agent system called A1 that autonomously discovers and exploits vulnerabilities in smart contracts, potentially stealing millions in cryptocurrency. The findings, detailed in a preprint paper, highlight a growing threat to decentralized finance (DeFi) platforms.
How A1 Works
- Targets: Ethereum and Binance Smart Chain contracts.
- Process: Given a blockchain, contract address, and block number, A1 analyzes the contract, identifies flaws, and generates executable Solidity exploit code.
- Tools: Uses LLMs from OpenAI, Google, DeepSeek, and Alibaba, alongside specialized tools for code fetching, sanitization, and revenue calculation.
Key Findings
- Success Rate: 62.96% (17 out of 27) on the VERITE benchmark.
- Profitability: Extracted up to $8.59 million per exploit, totaling $9.33 million across 26 successful cases.
- Cost Efficiency: Per-exploit costs ranged from $0.01 to $3.59, with OpenAI’s o3-pro model achieving an 88.5% success rate.
Implications
- Asymmetry: Attackers using AI tools gain a 10x advantage over defenders relying on traditional methods.
- Regulatory Gap: With low enforcement rates (estimated 0.05%), the risk of legal consequences remains minimal.
- Recommendation: Projects should adopt AI-powered scanning to proactively secure their contracts, as bug bounties (often capped at 10% of stolen funds) are insufficient.
Ethical Concerns
The researchers initially planned to open-source A1 but reconsidered due to its potential for misuse. As AI models improve, the threat of autonomous financial crime could escalate, demanding stronger defensive measures.
For more details, read the full paper: AI Agent Smart Contract Exploit Generation.
Related News
AWS extends Bedrock AgentCore Gateway to unify MCP servers for AI agents
AWS announces expanded Amazon Bedrock AgentCore Gateway support for MCP servers, enabling centralized management of AI agent tools across organizations.
CEOs Must Prioritize AI Investment Amid Rapid Change
Forward-thinking CEOs are focusing on AI investment, agile operations, and strategic growth to navigate disruption and lead competitively.
About the Author
Michael Rodriguez
AI Technology Journalist
Veteran technology journalist with 12 years of focus on AI industry reporting. Former AI section editor at TechCrunch, now freelance writer contributing in-depth AI industry analysis to renowned media outlets like Wired and The Verge. Has keen insights into AI startups and emerging technology trends.