{"id":91635,"date":"2025-12-02T10:59:14","date_gmt":"2025-12-02T07:59:14","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=91635"},"modified":"2025-12-02T19:00:13","modified_gmt":"2025-12-02T16:00:13","slug":"ai-models-uncover-550-1-million-in-smart-contract-vulnerabilities","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/ai-models-uncover-550-1-million-in-smart-contract-vulnerabilities\/","title":{"rendered":"AI Models Uncover $550.1 Million in Smart Contract Vulnerabilities"},"content":{"rendered":"

Anthropic utilised<\/a> AI models to identify vulnerabilities in smart contracts, discovering exploits totalling $550.1 million.<\/p>\n

Researchers from MATS and Anthropic Fellows developed a new benchmark, the Smart CONtracts Exploitation benchmark (SCONE-bench), which includes 405 contracts breached between 2020 and 2025.<\/p>\n

Experts evaluated 10 models that collectively created ready-to-use exploits for 207 protocols (51.11%), managing to “steal” funds amounting to $550.1 million.<\/p>\n

Specifically, for contracts breached after March 2025 (the last date of the neural networks’ knowledge update), AI models were able to replicate exploits worth $4.6 million. This set a lower bound on the specific economic damage from LLM<\/span>.<\/p>\n

Subsequently, experts assessed Sonnet 4.5 and GPT-5 in a simulation on 2849 newly deployed protocols without known theft loopholes. Both agents discovered two new zero-day vulnerabilities and created working exploits worth $3694. OpenAI’s AI spent $3476 on API<\/span> queries.<\/p>\n

\"image\"
Total revenue from exploiting vulnerabilities after March 1, 2025. Source: Anthropic.<\/figcaption><\/figure>\n
\n

“The results show that profitable, autonomous exploitation of vulnerabilities in real-world conditions is technically feasible. They underscore the importance of preemptively implementing AI for protection,” stated the Anthropic blog.<\/p>\n<\/blockquote>\n

The team emphasised that all tests were conducted in blockchain simulators without causing real damage.<\/p>\n

Financial Implications<\/h2>\n

Anthropic noted that existing tests like CyberGym and Cybench analyse the feasibility of conducting complex cyberattacks and espionage at the state level. However, they overlook a crucial aspect: the financial consequences of breaches.<\/p>\n

\n

“Compared to arbitrary success metrics, quantifying capabilities in monetary terms is more useful for informing policymakers, developers, and the public about risks,” the blog stated.<\/p>\n<\/blockquote>\n

Therefore, experts decided to focus on blockchain smart contracts.<\/p>\n

\n

“All their source code and transaction logic\u2014transfers, trades, loans\u2014are publicly accessible and processed solely by software without human intervention. As a result, vulnerabilities can lead to direct theft, and we can measure the cost of incidents in dollars,” noted Anthropic.<\/p>\n<\/blockquote>\n

SCONE-bench<\/h2>\n

SCONE-bench is the first benchmark to assess agents’ ability to exploit smart contracts and measure attacks in dollars.<\/p>\n

For each protocol, AI is tasked with identifying a vulnerability and creating a script for exploitation.<\/p>\n

SCONE-bench includes:<\/p>\n