"Found even a 27-year-old hidden bug"...Crypto market on alert due to AI hacker attacks

▲ Virtual Asset/ChatGPT Generated Image

Artificial intelligence technology is rapidly emerging as a new weapon threatening the decentralized financial ecosystem, fundamentally shaking up the security paradigm.

On April 25 (local time), the cryptocurrency YouTube channel Coin Bureau warned that virtual asset security is facing the worst crisis in history as AI gains the ability to find vulnerabilities in code. In the first quarter of 2026 alone, $450 million was drained from decentralized finance (DeFi) protocols in 145 attacks. In April, another $66 million evaporated in just 18 days, causing the Total Value Locked (TVL) to plummet from $110 billion in January to $82 billion.

AI-powered attacks offer overwhelming advantages in terms of cost and speed. Anthropic's latest model, Claude Mythos, instantly discovered a zero-day vulnerability that had gone undetected for 27 years. The cost to scan an entire smart contract is only $1.22. The time it took to discover vulnerabilities and execute attacks, which previously took 2.3 years, has now been reduced to less than 24 hours.

Recent large-scale hacking incidents demonstrate the power of these AI-based attacks. On April 1, $285 million was leaked from the Solana (SOL)-based Drift Protocol. On the 18th, the Kelp DAO bridge was attacked, resulting in a loss of $293 million. Both incidents are suspected to be the work of North Korea's Lazarus Group, which meticulously stole $577 million in just one month.

AI is not only writing code but also generating vulnerabilities. Research shows that approximately 45% of AI-generated code contains security vulnerabilities. For the Java language, the failure rate exceeded 70%. While developers are accelerating development with AI, attackers are using AI to exploit those loopholes even faster. A vicious cycle is repeating where AI finds and attacks vulnerabilities in the very code it created.

The security threat is spreading beyond the virtual asset market to traditional finance. AI has discovered dozens of decades-old vulnerabilities in cryptographic libraries like OpenSSL. This means that global bank payment systems and the Swift network are also exposed to risk. This is why US Treasury Secretary Scott Bessant and Federal Reserve Chairman Jerome Powell held an emergency meeting with top executives of major banks.

The defense side is also responding by launching AI audit tools. CertiK and Coinbase, among others, have adopted AI security solutions that are much cheaper and faster than manual reviews. However, the structural imbalance is severe: attackers only need to succeed once, while defenders must succeed every time. The fact that 99% of currently discovered vulnerabilities remain unpatched clearly demonstrates the limitations of security responses.

Users must apply stricter standards to protect their assets. Cross-chain bridges and restaking tokens are the most vulnerable areas, where smart contract risks are concentrated. When using new protocols, it is essential to verify at least two security audit results and whether real-time monitoring is applied. The confrontation between AI and virtual assets is now an unavoidable reality, and it is important to recognize that attackers have gained the upper hand in the early stages.

*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*