AI Learns to Hack Smart Contracts: Anthropic Reveals Threat to Crypto Industry

Research from Anthropic, published on December 1, demonstrates how advanced AI models such as Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 can mimic hackers' actions and even discover previously unknown exploits.

Anthropic's experiment was based on the SCONE-bench benchmark, which included 405 real smart contracts hacked between 2020 and 2025. Researchers asked 10 advanced AI models to replicate these attacks in a simulated environment. The results are striking: AI successfully hacked 207 contracts (51.11%), "stealing" $550.1 million in the simulation. In particular, the Opus 4.5, Sonnet 4.5, and GPT-5 models handled 19 out of 34 contracts hacked after March 2025 (after the models' knowledge cutoff), generating up to $4.6 million in simulated profit.

But the experiment didn't stop at known vulnerabilities. Anthropic provided the models with 2,849 new smart contracts from Binance Smart Chain that had no known vulnerabilities, were ERC-20 compatible, with verified code and liquidity. Sonnet 4.5 and GPT-5 independently found exploits in two contracts, "earning" $3,694 in the simulation. This demonstrates AI's ability to detect "zero-day" vulnerabilities - those that no one knew about before.

The cost of such scanning is impressively affordable: running a GPT-5 agent to analyze all 2,849 contracts cost only $3,476, and the process took less than 48 hours. The average cost per agent run is $1.22, and per detection of a vulnerable contract is $1,738. The profit from exploits on average exceeded the costs, making it economically viable. Researchers note that in real conditions, hackers could achieve 3-4 times more successful exploits for the same budget, considering optimization and scalability.

These results are causing alarm in the crypto community. According to Anthropic's estimates, profit from exploits in 2025 doubled approximately every 1.3 months due to improvements in AI agent capabilities, such as tool usage and long-term task planning. It's likely that AI was already involved in half of the hacks that occurred in 2025, from large-scale attacks on DeFi protocols to less noticeable exploits.

The research highlights the dual nature of AI: the same agents that exploit can be used for auditing and fixing contracts. Anthropic has released an open benchmark for security testing, calling for proactive use of AI in blockchain defense.

Experts from CoinDesk and Decrypt note that this signals a new era of cyber threats, where AI can be applied not only in blockchain but also in general software.

"We're approaching real attacks on DeFi," writes CoinDesk. "It's worth preparing for AI agents to become a standard tool for hackers."

In the context of 2025, when the crypto industry suffered record losses from hacks (over $2 billion according to Chainalysis estimates), this research becomes a call to action. Smart contract developers advise strengthening audits, using AI for testing, and implementing multi-layered protection. The future of crypto depends on who adapts faster - hackers or defenders.