Anthropic AI Agents Hack Smart Contracts for $1.22; $4.6M Exploited in Simulation

For the price of a coffee, AI agents can now autonomously shatter DeFi security.

Anthropic’s Frontier Red Team released findings Tuesday demonstrating that its AI agents autonomously identified and exploited vulnerabilities in smart contracts, extracting $4.6 million in simulated value. The average cost to scan a contract for these flaws was just $1.22.

The research, conducted with the MATS program, signals a collapse in the economic barrier to entry for cyberattacks. The agents reconstructed 19 real-world hacks from scratch—without seeing the original exploit code—using models like Claude Opus 4.5 and GPT-5.

The Economics of Automated Attacks

The report details a terrifying efficiency curve for DeFi protocols. In a test against 2,849 live contracts on BNB Chain, the agents discovered two novel “zero-day” vulnerabilities. These were not historical re-enactments; they were previously unknown flaws in active contracts.

“The average cost per vulnerable contract identified was $1,738, with net profit around $109 per exploit at current capabilities.”

While the per-exploit profit appears low, the trend line is the signal. Anthropic notes that token usage required for a successful exploit dropped 70% in the last six months. Consequently, the potential revenue from AI-driven exploits is doubling every 1.3 months.

Live Fire on BNB Chain

To prove the concept wasn’t limited to sandboxes, the team unleashed agents on live code (safeguarded by white-hat disclosure protocols).

  • Target: 2,849 recently deployed BNB Chain contracts.
  • Result: Two zero-day exploits found.
  • Cost: $3,476 total inference cost for the entire sweep.

The agents didn’t just flag lines of code; they “synthesized full exploit scripts, sequenced transactions, and drained simulated liquidity,” mirroring the behavior of sophisticated state-sponsored hackers.

The Security Gap

This development destroys the assumption that finding exploits requires expensive, high-level human expertise. With the capability doubling monthly, traditional quarterly audit cycles are effectively obsolete.

Anthropic framed the release as a warning: “The window for developers to detect and patch vulnerabilities after deploying vulnerable contracts on-chain will shrink.”

The team confirmed the zero-day vulnerabilities were disclosed to the affected projects before publication.

About the Author

Mark Zimmerman, Technical Writer

Hi, I'm Mark. My journey into the blockchain industry began on the investment side, where I worked as a developer in charge of DeFi operations for a digital asset-focused firm, eventually becoming a partner. I transitioned from the financial side of crypto to the deep technical trenches as a Solidity developer, a central limit order book built on the Avalanche blockchain. That hands-on experience building decentralized applications gave me a rigorous understanding of the challenges developers face when working with distributed ledger technology. Currently, I work as a Technical Writer at CoinWatchDaily, where I focus on bridging the gap between complex low-level code and accessible developer education.
