"Found a 27-year-old hidden bug"...Virtual asset market on alert due to AI hacker attacks

▲ Virtual Asset/ChatGPT Generated Image

Artificial intelligence (AI) technology is rapidly emerging as a new weapon threatening the decentralized financial ecosystem, fundamentally shaking up the security paradigm.

On April 25 (local time), the cryptocurrency YouTube channel Coin Bureau warned that virtual asset security faces the worst crisis in history as AI gains the ability to find vulnerabilities in code. In the first quarter of 2026 alone, $450 million was siphoned from decentralized finance (DeFi) protocols through 145 attacks. In April, another $66 million evaporated in just 18 days, causing the Total Value Locked (TVL) to plummet from $110 billion in January to $82 billion.

AI-powered attacks hold an overwhelming advantage in terms of cost and speed. Anthropic's latest model, Claude Mythos, instantly discovered a zero-day vulnerability that had gone undetected for 27 years. The cost to scan an entire smart contract is a mere $1.22. The time it took to discover vulnerabilities and execute attacks, which used to be 2.3 years, has now been shortened to less than 24 hours.

Recent large-scale hacking incidents demonstrate the power of these AI-based attacks. On April 1, $285 million was leaked from Solana (SOL)-based Drift Protocol. On the 18th, the Kelp DAO bridge was attacked, resulting in a loss of $293 million. Both incidents are suspected to be the work of North Korea's Lazarus Group, which meticulously stole $577 million in just one month.

AI is generating vulnerabilities simultaneously as it writes code. Research shows that approximately 45% of AI-generated code contains security vulnerabilities. For the Java language, the failure rate exceeded 70%. While developers are accelerating development with AI, attackers are using AI to exploit those loopholes even faster. A vicious cycle is repeating where AI finds vulnerabilities in the code it created itself and then exploits them.

Security threats are expanding beyond the virtual asset market to traditional finance. AI has discovered dozens of decades-old vulnerabilities in cryptographic libraries like OpenSSL. This means that global bank payment systems and the Swift network are also exposed to risk. This is why US Treasury Secretary Scott Bessant and Federal Reserve Chair Jerome Powell held an emergency meeting with top executives of major banks.

The defense side is also responding by releasing AI auditing tools. CertiK, Coinbase, and others have adopted AI security solutions that are much cheaper and faster than manual reviews. However, the structural imbalance is severe: attackers only need to succeed once, while defenders must succeed every time. The fact that 99% of currently discovered vulnerabilities remain unpatched clearly demonstrates the limitations of security responses.

Users must apply stricter standards to protect their assets. Cross-chain bridges and restaking tokens are the most vulnerable areas, where smart contract risks are concentrated. When using new protocols, users must verify at least two security audit results and whether real-time monitoring is applied. The confrontation between AI and virtual assets is now an unavoidable reality, and it must be recognized that attackers are in the early stages of gaining the upper hand.

*Disclaimer: This article is for investment reference only and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*