Two April hacks targeting Drift and Kelp DAO netted attackers almost $600 million, and cybersecurity experts now believe artificial intelligence helped pull them off, Bloomberg reported May 15.
The attacks grew so much more sophisticated so quickly that experts told Bloomberg the pace itself pointed to AI. It can’t be proven, but the industry isn’t waiting for proof: AI can compress the time needed to find weaknesses in a blockchain protocol from months to days or hours, and can hand anyone the skills of an elite hacker.
The financial fallout ran wider than the two targeted firms. Drift shut down its crypto exchange and plans to relaunch after receiving stablecoins from Tether. Carrot, a DeFi project with exposure to Drift, closed permanently. Lending protocol Aave, used to launder proceeds from one of the hacks, needed a rescue after investors pulled $9 billion.
Drift’s own April statement described “a highly sophisticated operation” involving multi-week preparation, staged execution, and double nonce accounts to pre-sign transactions with delayed execution. Kelp DAO’s hack showed the cascading-failure risk in interconnected DeFi systems: one broken piece can threaten the entire structure.
Looming over the sector is Anthropic’s Mythos AI model, which the company has kept in limited release because of the cybersecurity risks it poses.
Industry responses so far include device-scanning software, circuit breakers that pause transactions above set thresholds, and expanded collateral risk frameworks that now factor in cybersecurity exposure.
James Okafor