Representatives of traditional and global central banks saw a threat in new artificial intelligence (AI) capabilities capable of finding breaches in computer systems. This came amid testing of the Claude Mythos Preview, an experimental AI tool from Anthropic, which has already demonstrated the ability to find multiple critical vulnerabilities in all key operating systems and browsers. And this is forcing the crypto market to rethink all security systems now, so as not to become a target for neural networks, RBC writes.
Just as Mythos appeared in public discussions, the crypto market faced a series of hacks affecting infrastructure vulnerabilities. As it turned out, “holes” in the security of blockchain solutions lie not so much in the code of smart contracts, but in the infrastructure serving them – access key management systems, price oracles and firewalls, which traditional audits rarely take into account when assessing risk.
The first alarming comments about threats from new AI models came not from the crypto market, but from traditional finance. Andrew Bailey, Governor of the Bank of England and Chairman of the Financial Stability Board (FSB), called the situation “a very serious challenge” and emphasized that regulators will have to assess cyber risks to the global financial system on an accelerated basis. He was supported by European Central Bank (ECB) President Christine Lagarde. She assessed Mythos as an example of a development that, if it falls “into the wrong hands,” could have catastrophic consequences.
Executives from JPMorgan, Morgan Stanley, BNY and Citigroup also confirmed that they are working with the beta version of Mythos to identify “a lot of vulnerabilities that need to be fixed.” Although in parallel, they are also exploring the potential benefits in terms of improved infrastructure efficiency and cyber defense.
In April alone, attackers caused at least $570 million worth of damage to the crypto market by exploiting vulnerabilities in firewalls and complex social engineering schemes. And the accumulated amount of such losses since the beginning of the year is about $800 million. The most notable in terms of consequences for the industry was the $290 million hack of the Kelp DAO firewall. The situation caused problems not only for Kelp customers, but also for users of the largest credit protocol Aave, as well as for dozens of protocols in the crypto market, which suspended or limited the operation of protocols.
Decentralized finance (DeFi) has thus simultaneously experienced both the effects of systemic problems in the sector and a wave of concerns about AI’s capabilities. And some researchers attribute the surge in successful attacks to the emergence of powerful neural networks, particularly Mythos.
A new reality for DeFi
Traditional banks can urgently patch vulnerabilities found through AI, but DeFi protocols are in a more vulnerable position. Their architecture implies openness and immutability of code. And if AI finds a critical error in a smart contract, it is impossible to fix it instantly. In this case, it is rarely possible to harmonize everything in hours, most often the process takes days.
From a security point of view, it is even worse that DeFi projects operate in largely similar infrastructure mechanisms, which, if they fail, can affect several interconnected solutions at once.
“Composability is what makes DeFi capital-efficient and innovative.But it also means that a minor vulnerability in one protocol can be a critical vector for potentially infecting the entire ecosystem,” said Paul Wijender, head of security at Gauntlet, which manages risk for Aave.
Vijender added that when thinking about AI threats to crypto projects, he is more worried about the “human and infrastructure” layer of security. And his words point precisely to the two major vulnerabilities of April, which cost a combined total of more than $570 million in less than a month.
Aave founder Stani Kulechov noted that it’s no surprise that attackers are using AI, as “it’s just an evolution of the tools they’re using,” uncovering old bugs that were previously irrelevant. But Koulechov also pointed out that the same tools will also give developers the ability to run better and more stringent stress tests for their projects.
The Aave founder’s opinion was echoed by Hayden Adams of Uniswap, founder of Uniswap, the largest decentralized exchange. He noted that projects that do not use new tools today “will be in the zone of the greatest risk”.
