AI boosts crypto hackers to superhuman speed, warns a new report from CoinDesk, as Anthropic’s powerful Claude Fable 5 model introduces advanced cyber tools with safety filters that may not be foolproof. The decentralized finance (DeFi) sector, already reeling from over $840 million in losses this year, stands to lose the most if these sophisticated AI capabilities fall into the wrong hands, accelerating existing vulnerabilities rather than creating new ones.
Anthropic’s latest offering, Claude Fable 5, represents a significant leap in AI capabilities, providing users with enhanced reasoning and coding prowess. Released on Tuesday, this public model is the first in the Mythos class, touted by Anthropic as its most powerful iteration to date. Recognizing its immense potential and inherent risks, the company has deployed two distinct versions: a widely accessible public model with stringent safety filters designed to block dangerous applications, and a more potent, less-hamstrung counterpart, Claude Mythos 5, reserved exclusively for vetted users in critical infrastructure and cybersecurity.
The Double-Edged Blade of AI in Cybersecurity
Security experts acknowledge that advanced AI, while not inventing entirely new forms of crypto hacks, can dramatically accelerate the identification of misconfigurations and the construction of sophisticated exploits. This includes speeding up attacks rooted in social engineering, exposed private keys, and flawed signing flows. Mythos, for instance, is capable of finding and chaining zero-day vulnerabilities – previously unknown software flaws – and transforming a mere bug into a fully operational attack. Anthropic claims its software attempts to intercept potential attack vectors by routing high-risk requests to a weaker model, Claude Opus 4.8, a fallback mechanism triggered in fewer than 5% of sessions. Despite extensive internal testing and over 1,000 hours of external bug-bounty work, the company concedes that a truly foolproof system remains elusive, anticipating that determined, well-funded adversaries will continue their attempts to circumvent these safety measures.
“The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures.”
— Anthropic Blog Post
Charles Guillemet, CTO at hardware-wallet maker Ledger, emphasizes that current AI guardrails primarily introduce friction, rather than offering a reliable defense against sophisticated attackers. The transformative impact of AI, he argues, lies not in inventing novel attack vectors, but in drastically reducing the time required to execute them. An AI-powered reasoning model can “diff every commit, grep every config, and enumerate every misconfiguration at machine speed,” making crypto particularly vulnerable given the immediate financial consequences of software failures.
Human Error Remains Crypto’s Achilles’ Heel
DeFi protocols have suffered over $840 million in losses from hacks in the first five months of this year, according to DefiLlama data, with April alone marking a record-breaking $600 million in damages. Interestingly, the most substantial incidents haven’t stemmed from complex smart-contract exploits, which AI might engineer, but rather from human error and operational failures.
For example, a North Korea-linked group drained approximately $285 million from Drift Protocol through a six-month social-engineering campaign that granted them admin access. Another incident saw an attacker siphon $292 million from Kelp DAO by exploiting a single-verifier flaw. More recently, Humanity Protocol, a decentralized human-identity service, lost over $30 million due to a private-key compromise, where a hacker accessed three out of six private keys from an employee’s laptop.
These incidents underscore a critical point: while Anthropic’s filters might catch obvious smart-contract prompts, the largest losses often originate from familiar weak points: social engineering, faulty signing flows, exposed keys, and simple human mistakes. An AI model like Fable doesn’t need to deliver a complete exploit; it can analyze public repositories, compare software versions, summarize audit reports, and craft convincing messages designed to exploit the small operational oversights that humans frequently miss. This accelerated reconnaissance phase makes the final signing step even more critical. Defenders must secure every key path, dependency, signing flow, and privileged account. Private keys must be isolated from compromised devices, and users require trusted screens that accurately display what they are approving.
“Call it what it is: these exploits remain rooted in social engineering and human error. AI didn’t create that reality. It made it visible, and accelerated it to machine speed. The only real exit is a hardware root of trust: private keys generated and kept on a certified secure element, with a trusted display and Clear Signing.”
— Charles Guillemet, Ledger CTO
Paradoxically, the same AI technologies that empower attackers can also fortify defenses. Pendle, a DeFi yield protocol, has leveraged Anthropic’s models defensively since the initial Claude Opus version. Its team uses AI to map its codebase, stress-test contracts, and identify bugs early, leading to cleaner code. Pendle developers argue that smart contracts, being relatively short with limited entry points, are less of a concern than human operational vulnerabilities. Experienced auditors can often grasp a contract’s full state and test every edge case. Thus, the next major crypto hack may not be novel in its method, but rather a faster, more efficiently executed version of the poisoned packages, fooled developers, or bad signing flows that DeFi already knows too well. The era of accelerated cyber threats has arrived, making robust, human-proof security measures more critical than ever.




