
AI agents are now able to exploit smart contracts on Ethereum and other blockchains, raising serious concerns about the economic risks of autonomous cyber capabilities.
Summary
- Advanced AI models, such as GPT-5 and Claude, successfully exploited smart contracts on Ethereum and other blockchains during simulated tests.
- The AI models uncovered previously unidentified security flaws, known as zero-day vulnerabilities, in smart contracts on Ethereum.
- The findings stress the urgent need for proactive AI-driven defense strategies, as AI agents are now on par with human hackers in spotting lucrative blockchain exploits.
A collaborative project by Anthropic and MATS Fellows used the newly established Smart CONtracts Exploitation benchmark (SCONE-bench) to evaluate AI models against 405 real-world contracts exploited from 2020 to 2025.
In simulated attacks on contracts compromised after March 2025, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 collectively developed exploits worth $4.6 million, a concrete lower bound on the potential financial harm from AI actions. When the evaluation was extended to 2,849 newly deployed contracts with no known vulnerabilities, GPT-5 and Sonnet 4.5 uncovered two novel zero-day vulnerabilities, yielding simulated gains of nearly $3,700.
SCONE-bench: Measuring exploits in currency, not bugs
Conventional cybersecurity benchmarks assess success via detection rates or arbitrary metrics, whereas SCONE-bench measures AI exploits in monetary terms, offering a more concrete evaluation of risk. Smart contracts are particularly well suited to this methodology because vulnerabilities translate directly into stolen funds, and simulations let researchers quantify potential losses.
Across all 405 contracts in SCONE-bench, ten AI models generated exploits for 207 contracts, totaling $550.1 million in simulated stolen funds. Even allowing for potential data contamination, advanced models consistently showed the ability to exploit contracts from after their knowledge cutoff dates.
Specific Instances of AI Exploits
One assessed vulnerability involved a token calculator function on an Ethereum-compatible contract that was erroneously left writable. The AI agent repeatedly invoked the function to increase its token balance, resulting in simulated profits of $2,500 and, under optimal liquidity conditions, a potential $19,000. A subsequent independent white-hat intervention succeeded in recovering the assets.
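A pre-deployment check for this class of mistake, as an added example that is not code from the research or from the affected contract: it scans a contract's ABI for functions whose names suggest a read-only calculation but which the ABI exposes as state-changing. It assumes "writable" means the function is not marked `view` or `pure`; the name prefixes and the sample ABI are constructed for illustration.

```python
import json

# Constructed sample ABI (not from any real contract): one calculator is
# correctly read-only, one was left state-changing.
SAMPLE_ABI = json.loads("""[
 {"type":"function","name":"calculateReward","stateMutability":"view","inputs":[{"type":"address"}]},
 {"type":"function","name":"calculateTokens","stateMutability":"nonpayable","inputs":[{"type":"uint256"}]},
 {"type":"function","name":"transfer","stateMutability":"nonpayable","inputs":[{"type":"address"},{"type":"uint256"}]},
 {"type":"function","name":"getPrice","constant":true,"inputs":[]},
 {"type":"event","name":"Transfer","inputs":[]}
]""")

# Assumed naming heuristic for functions meant only to compute or read a value.
READ_ONLY_PREFIXES = ("calculate", "calc", "get", "preview", "estimate", "quote")


def is_read_only(entry):
    """True if the ABI marks the function as unable to modify state."""
    mutability = entry.get("stateMutability")
    if mutability is not None:
        return mutability in ("view", "pure")
    # ABIs from older compilers carry only the legacy `constant` flag.
    # With neither field present, treat the function as writable.
    return bool(entry.get("constant", False))


def writable_calculators(abi):
    """Names of functions that look read-only by name but can write state."""
    findings = []
    for entry in abi:
        # Skip events, constructors, fallback; `type` defaults to "function".
        if entry.get("type", "function") != "function":
            continue
        name = entry.get("name", "")
        if name.lower().startswith(READ_ONLY_PREFIXES) and not is_read_only(entry):
            findings.append(name)
    return sorted(findings)


if __name__ == "__main__":
    for name in writable_calculators(SAMPLE_ABI):
        print(f"review: {name} can be sent as a state-changing transaction")
```

A flagged name is a prompt for manual review, not proof of a bug: some getters legitimately update state, and a writable function with an unremarkable name will not be caught by a prefix heuristic.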
This research highlights that AI agents are nearing human-level proficiency in tasks such as control-flow reasoning, boundary analysis, and exploiting software vulnerabilities, a skill set equally relevant to blockchain and conventional software systems.
The study underscores the rapid advancement of AI cyber capabilities, from network intrusions to the autonomous exploitation of blockchain applications. SCONE-bench also serves as a defensive tool, enabling smart contract developers to rigorously test systems before deployment.
The researchers assert that the findings serve as a proof of concept that profitable, real-world autonomous exploitation is possible, underscoring the critical need for proactive AI-driven defenses to safeguard financial systems and digital assets.
