AI-augmented hacks drain $1.5M from Ethereum in 48 hours

AI-assisted exploits hit four Ethereum contracts in the 48 hours ending April 29, draining more than $1.5 million, GoPlus Security reported.

GoPlus Security reported four separate smart contract exploits on the Ethereum mainnet and connected chains during a 48-hour window ending April 29. The incidents drained more than $1.5 million in combined losses.

One incident moved roughly $333,868 in nine transactions across Ethereum, Arbitrum, Base and BSC. ZetaChain’s post-mortem report states that no user funds were lost because the three affected wallets belonged to the ZetaChain team. The attacker exploited a GatewayEVM contract feature that allowed arbitrary calls. The gateway had no strict blocklist, which let the attacker instruct transfers of token allowances held by the team wallets. The attacker funded wallets through Tornado Cash three days before the exploit while mimicking a target wallet. ZetaChain acknowledged earlier bug bounty reports about the issue were dismissed and has paused cross-chain transactions while rolling out a patch to disable the risky code.

GoPlus Security identified other losses during the same window: an on-chain aggregator contract lost about $983,000 from missing access controls; an unauthorized third-party vault tied to TradingProtocol lost about $398,000 due to missing permission checks; a BCB contract lost about $39,800 to a reentrancy flaw; and a QNT asset contract lost about $124,900 from an arbitrary-call vulnerability.

A16z crypto tested an off-the-shelf AI coding agent against 20 past Ethereum price-manipulation incidents. When given only a contract address and basic tools, the agent exploited a vulnerability in 10% of tests. When the agent received structured information on common attack patterns, such as vault donation exploits and automated market maker pool manipulation, the success rate rose to 70%. Researchers observed the AI can identify bugs but may struggle with complex, multi-step attacks; one test agent attempted to extract a secret key from its environment to access future block data.

Anthropic released a model called Claude Mythos Preview and reported it can autonomously find and write working exploits for zero-day vulnerabilities across major operating systems and browsers. The company said improvements that make the model effective at patching software can also enable it to generate exploit code. In testing, an agent with access to Etherscan’s transaction API located past attack transactions and reverse-engineered them into exploit scripts.

Security teams and protocol developers are deploying automated code analysis, pattern recognition for known exploit types and AI-assisted auditing to scan contracts for issues such as missing access controls, reentrancy vulnerabilities and unsafe arbitrary-call permissions. Protocol teams are reviewing incident disclosure processes after earlier bug reports were not acted on.
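To make the "unsafe arbitrary-call permission" concrete, here is an added Solidity illustration (constructed for this article, not ZetaChain's GatewayEVM or any audited code) of an unguarded call-forwarder next to a guarded one; contract and function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example. UnsafeGateway / GuardedGateway / execute are assumed
// names, not the real GatewayEVM interface.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Vulnerable pattern: anyone can make the gateway call any target with any
// calldata. If wallets have approved this gateway on an ERC-20, the token
// sees msg.sender == gateway, so the forwarded call can spend those allowances
// on behalf of whoever granted them. This is the class auditors scan for.
contract UnsafeGateway {
    function execute(address target, bytes calldata data) external payable returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call{value: msg.value}(data);
        require(ok, "call failed");
        return ret;
    }
}

// Hardened pattern: only owner-allowlisted targets may be called, and as
// defence in depth the transferFrom selector is refused so an allowlisted
// target that is itself a token cannot be used to move third-party approvals.
contract GuardedGateway {
    address public immutable owner;
    mapping(address => bool) public allowedTarget;

    constructor() { owner = msg.sender; }

    function setAllowedTarget(address target, bool allowed) external {
        require(msg.sender == owner, "not owner");
        allowedTarget[target] = allowed;
    }

    function execute(address target, bytes calldata data) external payable returns (bytes memory) {
        require(allowedTarget[target], "target not allowlisted");
        if (data.length >= 4) {
            // bytes4(calldata slice) conversion requires Solidity >= 0.8.5
            require(bytes4(data[:4]) != IERC20.transferFrom.selector, "transferFrom blocked");
        }
        (bool ok, bytes memory ret) = target.call{value: msg.value}(data);
        require(ok, "call failed");
        return ret;
    }
}
```

A static scan for this class flags any `.call`/`.delegatecall` whose target or calldata is caller-controlled in a contract that holds token approvals; the allowlist, not the selector denylist, is the primary fix.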

Reported data show DeFi thefts in April exceeded the combined total for the first three months of the year. Security firms say AI can speed both discovery and exploit development, while human operators remain involved in many complex breaches.
