Anthropic Study Shows AI Potential for $4.6M Ethereum Smart Contract Exploits

• AI agents successfully breached 51% of tested smart contracts, extracting over $550 million in simulated funds across major models.

• Frontier models like Opus 4.5 and GPT-5 demonstrated superior exploit capabilities, focusing on high-value paths in Ethereum and Binance Smart Chain ecosystems.

• Exploit efficiency has doubled every 1.3 months in 2025, with token costs for attacks dropping 70% in six months, per Anthropic’s SCONE-bench benchmark.

Discover how AI exploits in smart contracts threaten blockchain security in 2025. Anthropic’s $4.6M simulation exposes risks—learn key vulnerabilities and defenses to protect your crypto assets today. (152 characters)

What Are AI Exploits in Smart Contracts?

AI exploits in smart contracts involve advanced artificial intelligence systems autonomously identifying code vulnerabilities, crafting attack scripts, and simulating fund drains in blockchain environments. In Anthropic’s 2025 study, these agents targeted real-world contracts from 2020 to 2025 on platforms like Ethereum, Binance Smart Chain, and Base, achieving breaches that mimicked multimillion-dollar thefts. This demonstrates how AI accelerates cyber threats by reasoning through complex code paths without human intervention, emphasizing the need for robust auditing in decentralized applications.

How Do AI Agents Uncover Zero-Day Vulnerabilities in Blockchain?

Anthropic’s research introduced the SCONE-bench benchmark, evaluating AI models on 405 historical smart contracts from documented attacks spanning 2020 to 2025. Ten leading frontier models, including Opus 4.5, Sonnet 4.5, and GPT-5, were tasked with detecting flaws, developing exploits, and increasing simulated balances within one hour per case. Running in isolated Docker environments with forked blockchains, the agents utilized tools like Python, Foundry, and bash scripts via the Model Context Protocol.

Collectively, these models compromised 207 contracts—51.11% success rate—resulting in $550.1 million in simulated losses. To prevent data contamination, 34 post-March 2025 vulnerabilities were isolated, where top performers exploited 19 cases (55.8%), capped at $4.6 million total. Opus 4.5 led with 17 successes and $4.5 million extracted, often by exploring interconnected liquidity pools for maximum yield.

Key insight: Success isn’t just about detection; it’s about financial impact. For instance, in the FPC contract, GPT-5 secured $1.12 million via a direct path, while Opus 4.5 amassed $3.5 million by chaining attacks. Data from the study shows exploit revenues for 2025 contracts doubling every 1.3 months, uncorrelated with code complexity or deployment speed—liquidity at attack time was the decisive factor. As noted by researcher Winnie Xiao in the report, “AI’s ability to quantify and maximize theft reveals the economic stakes in blockchain security.”

November 2025’s Balancer incident, where a permissions flaw enabled over $120 million in theft, underscores real-world parallels. Anthropic’s agents replicated such tactics, autonomously navigating control flows and weak validations to generate functional exploits.

Frequently Asked Questions

What Makes AI Exploits in Smart Contracts More Dangerous in 2025?

AI exploits in smart contracts have grown more potent due to models’ enhanced reasoning, enabling them to not only spot bugs but also optimize for maximum financial gain. Anthropic’s tests showed a 70.2% drop in computational costs for exploits over six months, allowing 3.4 times more attacks per budget. This efficiency, combined with public code visibility, amplifies risks in DeFi protocols handling payments, trades, and loans. (48 words)

Can AI Agents Really Steal Millions from Blockchain Networks?

Yes, in simulated environments, AI agents have demonstrated the capability to drain significant funds from vulnerable smart contracts. According to Anthropic’s SCONE-bench, models like GPT-5 and Opus 4.5 extracted up to $4.6 million from recent contracts by crafting precise exploits. This mirrors real incidents but highlights the urgency for proactive defenses in ecosystems like Ethereum and Binance Smart Chain. (52 words)

How Does Anthropic’s Research Improve Blockchain Security?

Anthropic’s study provides a dollar-based benchmark for vulnerability assessment, shifting focus from mere bug counts to tangible economic threats. By testing on 405 real attack cases and discovering new zero-days in live contracts, it equips developers with tools to prioritize high-impact fixes. The public release of SCONE-bench fosters community-wide improvements in code auditing and AI-assisted defenses. (47 words)

Key Takeaways

• AI Acceleration of Threats: Frontier models breached over 50% of tested contracts, with simulated thefts exceeding $550 million, showing AI’s role in scaling cyber attacks on blockchain.
• Economic Prioritization: Exploit success hinges on target liquidity, not code complexity; revenues doubled every 1.3 months in 2025, per Anthropic data.
• Cost-Effective Discovery: Scanning 2,849 live contracts yielded zero-days worth $3,694, with net profits around $109 per find—urging immediate adoption of AI for ethical auditing.

Agents Uncover Fresh Zero-Days and Reveal Real Costs

Beyond historical data, Anthropic deployed agents against 2,849 active Binance Smart Chain contracts from April to October 2025, selected from 9.4 million for verified ERC-20 tokens with at least $1,000 liquidity and genuine trading activity. In single-pass tests, GPT-5 and Sonnet 4.5 each identified two novel zero-day flaws, simulating $3,694 in revenue. Full GPT-5 sweeps across the dataset incurred $3,476 in compute costs.

One vulnerability stemmed from a calculator function lacking the ‘view’ modifier, subtly modifying state to mint tokens per call. The agent exploited this by looping calls, dumping inflated supply on exchanges for $2,500. At June’s peak liquidity, potential gains neared $19,000. Developers remained unresponsive, but coordination with the independent white-hat group SEAL facilitated fund recovery for users.

The second issue afflicted a token launcher’s fee mechanism: absent recipient settings allowed arbitrary withdrawals. Four days post-discovery, a human attacker drained $1,000 via the same path. Cost analysis revealed $1.22 per full scan, $1,738 to pinpoint a vulnerability, and $1,847 average exploit value—yielding slim but scalable $109 net profits.

Token efficiency plummeted 70.2% across Anthropic’s model generations in under six months, enabling more exploits per resource unit. Each agent began with 1,000,000 native tokens, counting only exploits boosting balances by at least 0.1 Ether to filter trivial maneuvers. The benchmark, developed by researchers Winnie Xiao, Cole Killian, Henry Sleight, Alan Chan, Nicholas Carlini, and Alwin Peng, draws from SEAL collaborations, MATS programs, and Anthropic Fellows initiatives, and is slated for full public release.

Conclusion

Anthropic’s 2025 investigation into AI exploits in smart contracts exposes a stark reality: AI agents can simulate devastating $4.6 million thefts from blockchain vulnerabilities with alarming speed and precision. By benchmarking economic impacts on platforms like Ethereum and Binance Smart Chain, the study underscores the imperative for enhanced code verification and liquidity safeguards. As AI cyber threats evolve, blockchain developers and users must integrate advanced auditing to mitigate risks, ensuring the resilience of decentralized finance for years ahead.