The frequency of on-chain attacks against cryptocurrency projects has more than tripled since the widespread adoption of artificial intelligence, according to a stark new analysis by BlockBeats. The data shows a clear shift in the security landscape of decentralized finance (DeFi) and blockchain ecosystems, with attackers increasingly leveraging AI to automate vulnerability discovery and exploit execution at scale.
BlockBeats reports that the monthly average of on-chain attacks was just 3.7 incidents between 2020 and 2021, before AI tools became widely accessible. Since then, the average has surged to 10.4 attacks per month, with a cumulative total of 250 recorded attacks. The analysis highlights that 2024 has seen an even sharper increase as AI capabilities have advanced, suggesting attackers are using automation to probe thousands of smart contracts for weaknesses in minutes—a task that previously required significant manual expertise.
Zcash Bug Triggers Panic
A chilling example emerged this week when a critical vulnerability in the Zcash privacy network was uncovered using Anthropic's newly released Opus 4.8 AI model. The bug, which had existed in the network for four years, could have allowed an attacker to print unlimited counterfeit tokens. Although the flaw was quickly remediated by Zcash developers, the disclosure caused panic, sending the ZEC token down nearly 38% in 24 hours. Some community members even declared "Crypto is dead" on social media.
The discovery was made by Shielded Labs, a nonprofit developer on the Zcash system. The incident has raised urgent questions about whether similar undiscovered flaws exist across crypto and even traditional banking software. Experts warn that with the upcoming release of Anthropic's even more powerful Mythos AI model, the threat could escalate dramatically.
Industry Reacts: Formal Verification as the Only Path
Prominent voices are pointing to formal verification as the critical countermeasure. Haseeb Qureshi, Managing Partner at crypto VC firm Dragonfly and an early Zcash investor, said on X that while AI found the bug, it will also deliver the fix. "Formally verified cryptography can't have implementation bugs by construction," he stated, calling it "the path to harden all software across the industry."
Ben Goertzel, CEO of AI firm SingularityNET, echoed this in a CoinDesk interview, noting that similar vulnerabilities are likely hiding not just in other cryptocurrencies but also in the banking system's software infrastructure. Ethereum co-founder Vitalik Buterin previously explained that formal verification involves "writing proofs of mathematical theorems in such a way that these theorems can be checked automatically," and he believes AI-assisted formal verification could become one of the most important tools for cybersecurity.
However, Ronghui Gu, CEO and co-founder of security firm CertiK, highlighted the asymmetric nature of the current security war. "Hackers are highly motivated by profit—they can burn a massive number of AI tokens on a single target, while security firms must protect hundreds of clients simultaneously," he said. To address this, firms are integrating automated scanners into daily development workflows and relying on mathematical proofs to guarantee contract safety.
The takeaway from both the BlockBeats data and the Zcash incident is clear: as AI evolves, so do the methods of attackers. The industry's ability to keep pace will depend on rapid adoption of formal verification, continuous real-time monitoring, and community-wide vigilance.
