Anthropic’s latest frontier red-team study is a neat, slightly chilling proof-of-concept: AI agents can exploit blockchain contracts at scale, in simulation, and doing so is already economically worthwhile. Their researchers wired up autonomous agents to poke at real DeFi code and watched them assemble profitable smart-contract exploits without human hand-holding.
How AI exploits blockchain in Anthropic’s sandbox
To measure what capable models might actually steal, Anthropic and MATS built SCONE-bench: 405 smart contracts that were genuinely exploited between 2020 and 2025 on Ethereum, BNB Chain and Base. Agents are asked to find a bug, write an exploit script, and walk away with more ETH or BNB than they started with, all on forked test chains.
Across the full benchmark, ten frontier models produced working exploits for just over half the contracts, amounting to about $550m in simulated stolen funds. Restrict the view to the 34 exploits that happened after their March 2025 knowledge cut-off and the picture is sharper: Claude Opus 4.5, Claude Sonnet 4.5 and GPT-5 together recovered $4.6m in simulated revenue, with Opus alone responsible for roughly $4.5m.

Crucially, all of this lived in controlled sandboxes. No mainnets were touched; the money never existed outside Anthropic’s forked chains.
AI exploits blockchain, beyond historic hacks
The team then pointed the same agents at 2,849 fresh ERC-20 contracts on BNB Chain that had no known issues but at least $1,000 of liquidity. In that setting, Sonnet 4.5 and GPT-5 each uncovered two genuine zero-day bugs and extracted about $3,700 in simulated profit, roughly break-even once API costs were counted, but the profit is hardly the point. The run shows an end-to-end loop of discovery, exploit construction and cash-out that could be pointed at live systems with only minor wiring changes.

Anthropic also notes that “exploit revenue” on the 2025 problems has been doubling roughly every 1.3 months as models improve at long-horizon reasoning, tool use and error recovery. At today’s prices, they estimate it costs around $1.22 in API spend to give a contract a thorough once-over.
DeFi teams on notice
If AI exploits blockchain infrastructure this effectively in the lab, it will not stay there:
- Any contract with meaningful TVL should assume it is being scanned continuously by autonomous agents, not just bored humans.
- Security budgets that stop at a single human audit are already behind the curve; AI-assisted fuzzing and exploit search need to become routine pre-deployment checks.
- The same tooling Anthropic used for offence will be adapted for defence – continuous monitoring, regression tests on upgrade paths, and automated triage when something looks off.
AI exploiting the blockchain is not a speculative headline anymore; it is a measured description of what red-team agents can already do in practice. The only real choice for DeFi projects is whether they want those agents working for them, or against them.



