AI Agents Like GPT-5 and Claude Now Exploit Million-Dollar Ethereum Smart Contract Flaws

A new benchmark reveals frontier AI models can autonomously discover and exploit zero-day vulnerabilities in live smart contracts, simulating hundreds of millions in potential losses and signaling a paradigm shift in blockchain security.

Introduction: The Dawn of Autonomous AI Exploitation

The landscape of blockchain security is undergoing a seismic shift. A groundbreaking joint research initiative has demonstrated that advanced artificial intelligence agents, including models like GPT-5 and Claude Opus 4.5, are now capable of autonomously discovering and exploiting critical vulnerabilities in Ethereum smart contracts. In simulated tests, these AI agents successfully generated exploits for real-world contracts, uncovering previously unknown flaws with a collective simulated value reaching into the hundreds of millions of dollars. This development moves the threat of AI-powered cyber capabilities from theoretical speculation into a quantifiable, present-day risk, forcing a fundamental reassessment of how digital assets and decentralized financial systems are secured. The research provides a stark, dollar-denominated measure of the vulnerability of current blockchain infrastructure to autonomous agents, highlighting an urgent arms race between AI-powered offense and defense.

SCONE-bench: A New Financial Benchmark for AI Cyber Risk

Traditional cybersecurity metrics often rely on abstract scores or detection rates. The research introduces a pivotal new tool: the Smart CONtracts Exploitation benchmark (SCONE-bench). Its innovation lies in quantifying risk in the most tangible terms possible—potential financial loss. Because vulnerabilities in smart contracts can translate directly into stolen cryptocurrency, SCONE-bench evaluates AI performance based on the simulated dollar value of the exploits it can generate.

Researchers populated SCONE-bench with 405 real-world Ethereum smart contracts that had been historically exploited between 2020 and 2025. When ten different AI models were tested against this benchmark, they produced working exploits for 207 of the contracts. The cumulative simulated value of funds these exploits could have stolen totaled $550.1 million. This figure transforms the discussion from one about technical bugs to one about concrete economic risk, providing developers, auditors, and protocol teams with a clear metric to gauge the defensive robustness of their code against increasingly sophisticated AI adversaries.

Frontier Models in Action: From Historical Analysis to Zero-Day Discovery

The research tested AI capabilities in two critical phases. First, models were evaluated on their ability to understand and replicate historical exploits that occurred after their knowledge cutoff dates—a test designed to measure generalizable reasoning rather than mere data recall. In simulated attacks on contracts exploited after March 2025, the frontier models demonstrated alarming proficiency. Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 generated exploits with a collective simulated value of $4.6 million, establishing a concrete lower bound on the potential financial damage such AI could cause.

The second, more significant phase involved testing these agents against 2,849 recently deployed contracts with no known vulnerabilities. Here, the AI transitioned from historian to pioneer. GPT-5 and Claude Sonnet 4.5 uncovered two novel zero-day vulnerabilities, generating simulated profits of nearly $3,700. This proves that current-generation AI is not just rehashing old attacks but is capable of original vulnerability research and exploitation—a capability once reserved for elite human security researchers and hackers.

Anatomy of an AI-Generated Exploit

To understand the practical implications, the study detailed a specific exploit crafted by an AI agent. The vulnerability existed in a token calculator function on an Ethereum-compatible contract. A critical flaw left this function writable when it should have been read-only. The AI agent identified this misconfiguration and constructed an exploit that repeatedly called the function to artificially inflate its own token balance.

In simulation, this exploit generated immediate profits of $2,500. Researchers also calculated that under peak liquidity conditions in the associated decentralized exchange pool, the same exploit could have yielded up to $19,000. Independent white-hat hackers later discovered and mitigated the same vulnerability, recovering the at-risk assets. This example underscores that the flaws AI agents are finding are not obscure edge cases but economically significant logic errors that exist in live contracts.
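A pre-deployment check for the class of flaw described above (a calculator-style function left state-changing instead of read-only), shown here as an added example that is not code from the study. It scans a compiled contract ABI and flags functions whose names suggest a calculation or getter but whose mutability is not `view` or `pure`; the name prefixes and the sample ABI are assumptions constructed for illustration.

```python
import json

# Assumption: name prefixes that usually signal a read-only calculation or getter.
READ_ONLY_PREFIXES = ("calculate", "calc", "get", "preview", "quote", "estimate")

# Constructed sample ABI for a hypothetical token contract (not the contract from the study).
SAMPLE_ABI = json.loads("""
[
  {"type": "function", "name": "calculateReward", "stateMutability": "nonpayable",
   "inputs": [{"name": "account", "type": "address"}],
   "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "function", "name": "getPrice", "stateMutability": "view",
   "inputs": [], "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "function", "name": "transfer", "stateMutability": "nonpayable",
   "inputs": [{"name": "to", "type": "address"}, {"name": "amount", "type": "uint256"}],
   "outputs": [{"name": "", "type": "bool"}]},
  {"type": "function", "name": "previewMint", "constant": false, "payable": false,
   "inputs": [{"name": "amount", "type": "uint256"}],
   "outputs": [{"name": "", "type": "uint256"}]},
  {"type": "event", "name": "Transfer", "inputs": [], "anonymous": false}
]
""")

def mutability(entry):
    """Return stateMutability, deriving it from legacy constant/payable flags if absent."""
    if "stateMutability" in entry:
        return entry["stateMutability"]
    if entry.get("constant"):
        return "view"
    return "payable" if entry.get("payable") else "nonpayable"

def flag_writable_calculators(abi):
    """List (name, mutability) for getter-like functions that can still modify state."""
    findings = []
    for entry in abi:
        if entry.get("type", "function") != "function":
            continue  # skip events, errors, constructors
        name = entry.get("name", "")
        getter_like = name.lower().startswith(READ_ONLY_PREFIXES) and entry.get("outputs")
        if getter_like and mutability(entry) not in ("view", "pure"):
            findings.append((name, mutability(entry)))
    return findings

if __name__ == "__main__":
    for name, mut in flag_writable_calculators(SAMPLE_ABI):
        print(f"REVIEW: {name}() is '{mut}' but looks read-only")
```

The name match is a heuristic, so each finding is a candidate for manual review rather than a confirmed bug.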

The Evolving Skill Set of AI Hackers

The success of these models points to a rapid maturation in core cognitive capabilities required for hacking. The research indicates that frontier AI agents are now approaching human-level proficiency in several key areas:

  • Control-Flow Reasoning: Understanding how execution paths move through complex smart contract code.
  • Boundary Analysis: Identifying edge cases and unexpected inputs that can trigger faulty behavior.
  • Exploit Chain Construction: Synthesizing individual vulnerabilities into a step-by-step process to achieve a malicious objective.

This skill set is not limited to blockchain technology; it is directly applicable to traditional software systems, web applications, and network infrastructure. The acceleration of AI cyber capabilities signifies a broadening attack surface across the entire digital ecosystem, with blockchain’s transparent and financially incentivized nature making it a prime initial testing ground.

Historical Context: From Manual Audits to Automated Arms Races

The evolution of smart contract security provides crucial context for this development. In Ethereum's early years (pre-2020), security relied heavily on manual code reviews by small developer teams. High-profile disasters like The DAO hack in 2016 underscored the need for more rigorous processes. This led to the rise of professional auditing firms and bug bounty platforms, which became industry standards by 2020-2022.

The next phase saw the introduction of automated static analysis tools (like Slither) and formal verification methods. These tools could catch common vulnerabilities but often missed complex logical flaws. The current era, as defined by this research, introduces a new actor: the autonomous AI exploitation agent. This represents a qualitative leap beyond previous automation. Unlike static tools that follow predefined rules, AI agents can reason inductively, explore novel attack vectors, and adapt their strategies—mirroring the approach of a human attacker but at machine speed and scale.

Defensive Implications: Stress-Testing with AI Before Deployment

While the offensive capabilities are alarming, the same technology presents a powerful defensive opportunity. The researchers emphasize that SCONE-bench is fundamentally a tool for defenders. By allowing developers to stress-test their smart contracts against state-of-the-art AI agents before deployment, teams can proactively identify and patch vulnerabilities that might otherwise go unnoticed by traditional audits.

This practice—often called "red teaming" with AI—could become a standard step in the smart contract development lifecycle. Just as financial institutions use penetration testers to harden their systems, DeFi protocols may soon routinely employ adversarial AI simulations to probe their code for weaknesses. This shifts security toward a more continuous, adaptive model rather than a one-time audit ahead of a launch.

Conclusion: Navigating the New Frontier of Autonomous Risk

The demonstration that AI agents like GPT-5 and Claude can autonomously exploit smart contract flaws marks an inflection point for blockchain security and cybersecurity at large. The research is a definitive proof-of-concept: profitable, real-world autonomous exploitation is not a future concern but a feasible capability today.

For participants in the crypto ecosystem—from developers and auditors to protocol treasuries and end-users—the implications are clear. The cost of poor code quality has just been exponentially increased by automated actors capable of finding and exploiting it 24/7. Security must evolve from being a compliance checkpoint to an embedded, continuous process leveraging AI-powered defense.

The broader market insight is that projects prioritizing robust, iteratively tested codebases and adopting advanced defensive AI tools will likely be perceived as lower risk. Meanwhile, the technological arms race between offensive and defensive AI will become a central theme in cybersecurity investment and research. Readers should watch for the emergence of commercial security platforms integrating benchmarks like SCONE-bench, increased funding for AI-powered auditing startups, and potentially new insurance models for smart contracts that account for this novel threat vector. The era of autonomous digital risk has arrived, and its first battlefield is the blockchain.
