AI Agents Exploit $4.6M in Blockchain Smart Contracts, Highlighting Urgent Defence Need


By: DeFi Planet, 2025/12/02 19:03

Quick Breakdown:

  • Recent research reveals that AI agents can autonomously identify and exploit vulnerabilities in blockchain smart contracts.
  • The agents also uncovered novel zero-day vulnerabilities in newly deployed contracts, proving real-world autonomous exploitation is feasible.
  • This advancement highlights the rapid escalation of AI-powered cyber threats and the pressing need for proactive defensive strategies utilizing AI tools.

AI models exploit vulnerabilities in blockchain smart contracts

Recent research introduces SCONE-bench, a benchmark set of 405 real-world smart contracts exploited between 2020 and 2025, evaluating AI agents’ capabilities to discover and exploit vulnerabilities. 

Leading AI models, including Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5, generated exploits valued at $4.6 million on contracts exploited after their knowledge cutoff in March 2025. This showcases AI's growing potential for offensive cyber operations in blockchain ecosystems.

Beyond retrospective analysis, testing 2,849 newly deployed contracts revealed two novel zero-day vulnerabilities, exploited for simulated gains of $3,694. This confirms that AI can autonomously discover and exploit previously unknown vulnerabilities, underscoring the expanding cyber risk posed by advanced AI agents.

Economic impact and technical insights

[Image not preserved. Source: Anthropic]

The benchmark quantifies AI cyber capabilities in direct monetary terms rather than traditional success rates, focusing on the economic impact of exploits, a critical metric for security stakeholders. 

For example, one AI model extracted $3.5 million in simulated stolen funds from a single vulnerability, vastly outperforming others that detected the same flaw but exploited less value. Over the past year, exploit revenue doubled approximately every 1.3 months, driven by AI improvements in tool use, long-term planning, and error recovery. Interestingly, complexity metrics such as code intricacy did not correlate with exploit profitability; instead, asset holdings within vulnerable contracts determined the financial impact. The cost of running AI to scan contracts has also dropped sharply, with evaluations costing an average of just $1.22 per contract. These dynamics drastically shorten the window for developers to identify and patch vulnerabilities before they are exploited.

Dual-Use of AI for Cyber Defence

While AI agents exhibit powerful autonomous offensive capabilities, the same technologies hold promise for defence, including automated vulnerability patching and contract hardening. Given the exponential rise in the potential for AI-driven exploitation, early adoption of AI-powered defence systems in the blockchain space is imperative. This shift will help mitigate risks posed by unchecked AI agents that can tirelessly target software assets ranging from smart contracts to traditional codebases. The open-sourced SCONE-bench resource equips developers and security teams to preemptively stress-test smart contracts against emerging AI threats, aligning with broader efforts to keep pace with rapidly evolving AI-powered cybercrime.

Meanwhile, Cocoon, a confidential-compute network built by a Telegram co-founder on The Open Network ($TON), challenges centralized tech giants like Amazon and Microsoft, aiming to champion digital freedom and prevent AI control. It offers privacy-preserving AI services that keep user data confidential during computation. This is facilitated through a marketplace where GPU owners rent out processing power in exchange for the native $TON token.

 


Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
