Skip to main content
Cybersecurity

AIs Exploiting Smart Contracts: Exclusive Dangerous Risks

AIs Exploiting Smart Contracts: Exclusive Dangerous Risks

What happens when the very code meant to remove human error becomes the vector for automated predation? That is no longer a hypothetical: recent research and threat reports show artificial intelligence systems learning to find and exploit flaws in smart contracts — the self-executing programs that underlie much of decentralized finance — turning what was sold as “trustless” automation into a new frontier for fast, profitable attack.

The problem is deceptively simple. Smart contracts are programs running on public blockchains whose rules cannot be changed once deployed. Their transparency, immutability and automation are strengths — and also a lure. Security teams once treated contract bytecode and static audits as the primary defenses. But actors, including state-linked groups, have learned to hide malicious capabilities inside contract artifacts and to use the chain itself as a distribution and control channel. Google’s Threat Intelligence Group has described a technique dubbed “EtherHiding,” where payloads and obfuscated references are embedded in bytecode or transaction fields so cursory inspection and signature-based scanning can miss them. That report warns this approach turns the immutable ledger into an unerasable delivery mechanism that complicates detection, takedown and attribution, and calls for defenders to move from static checks to dynamic, runtime analysis and coordinated incident response .

At the same time, independent research into AI capabilities demonstrates that automated agents can do more than passively sniff vulnerabilities — they can actively create, test and execute exploits. A recent MATS and Anthropic Fellows study introduced a benchmark of 405 real-world exploited contracts (SCONE-bench) and showed that contemporary models such as Claude Opus 4.5, Claude Sonnet 4.5 and GPT-5 collectively produced exploits reflecting millions of dollars in demonstrated value. In simulation against thousands of recently deployed contracts, agents uncovered novel zero-day flaws and produced practical exploits — a proof of concept that autonomous, profitable exploitation of on-chain code is technically feasible.

Why this matters: speed, scale and economics. Unlike human attackers who must laboriously analyze code, write exploits and test them, AI agents can iterate at machine scale. They can scan large swaths of newly deployed contracts, triage likely targets, and perform high-fidelity simulations of on-chain interactions. That speed compresses the window between vulnerability disclosure (or deployment) and exploitation — and when money is on the line, that window is where the damage happens.

Stakeholders see different facets of the dilemma:

  • Technologists: For auditors and security engineers, the math is stark. Static analysis and manual audits are necessary but insufficient. The adversary model has shifted — attackers may now include autonomous tools that can discover and weaponize complex, multi-contract logic, encoded obfuscation, or unusual edge cases at low cost. Defenders must adopt dynamic execution environments, richer provenance analysis, and on-chain telemetry that can detect anomalous flows in real time. The EtherHiding findings specifically recommend sandboxing, runtime monitoring and provenance tooling to spot contracts that resolve to off-chain payloads or exhibit odd gas/behavioral patterns .
  • Policymakers and law enforcement: The decentralized, cross-border nature of public blockchains undermines conventional takedown and seizure strategies. Immutable malicious code raises novel legal questions: can a malicious contract be “quarantined” without altering ledger integrity? Who is accountable when smart contracts act with machine-discovered malice? Answers require international cooperation, new incident-response playbooks, and possibly regulatory minimums for custody platforms and exchanges to limit automation when interacting with third-party contracts .
  • Users and platforms: Custodial services, automated market makers, wallets and bots that routinely interact with external contracts are on the front line. Operational mitigations include restricting automated interactions, instituting multisignature checks for high-value flows, and enforcing audit gates before integration. But these measures add friction and cost, challenging the core usability and permissionless ethos that made DeFi attractive.
  • Adversaries: For criminal enterprises or state actors, AI lowers the cost of reconnaissance and exploitation. Techniques like EtherHiding increase resilience — payloads placed on-chain cannot easily be removed — and AI agents can systematically find covert channels and chained vulnerabilities. That combination increases the durability and profitability of on-chain criminal campaigns .

There are specific, practical defenses that are both technical and organizational. On the technical side, defenders should:

  • Invest in dynamic, multi-path execution environments and fuzzing for contracts to exercise obscure code paths that static analysis misses.
  • Deploy runtime telemetry and anomaly detection to surface unexpected outbound calls, gas behaviors or interaction patterns.
  • Enhance provenance and dependency analysis to flag contracts that resolve to opaque off-chain resources or employ encoded payload stubs.

On the organizational and policy side, recommended actions include:

  • Mandating stricter audit and operational controls for platforms that execute or automatically interact with third-party contracts, including multisig and human-in-the-loop gates for high-value transactions.
  • Coordinating threat sharing across exchanges, custodians and law enforcement to accelerate detection and containment of malicious on-chain artifacts.
  • Exploring legal frameworks for labeling or isolating malicious contracts in ways that respect ledger immutability while protecting users.

There are limits and tradeoffs. Introducing more human oversight and friction counters the “dumb contract” ideal of fully automated, permissionless execution; yet relying solely on automation has proven dangerous. As one critic has long argued, a human process can be a security feature — not a bug — because judgment, context and coordinated response are still hard to replace. Conversely, defenders who overreact with heavy-handed controls risk stifling innovation and pushing developers to less transparent corners of the ecosystem.

We should also be candid about uncertainty. Benchmarks and red-team results create lower bounds for economic impact and show feasibility — they do not, by themselves, map the full landscape of threat actors, nor do they predict how defensive investments might shift attacker behavior. Still, when agents can be cost-effective exploiters of newly deployed contracts, the calculus of risk changes materially for everyone involved.

So where does this leave us? We are at a crossroads between two competing logics: the drive to minimize human friction by embedding trust in code, and the reality that intelligent adversaries — including machines — will look for the smallest failure modes and the quickest monetization paths. The sensible path forward is not to abandon automation, but to reintroduce layered human oversight, better runtime defenses, and international cooperation so that immutable ledgers do not become immutable arsenals.

If smart contracts were intended to replace fallible human judgment with flawless automation, the lesson now is that automation without robust, adaptive defenses invites new forms of exploitation. Will the ecosystem respond quickly enough to keep machines from turning immutable code into an immutable vector for theft?

Source: https://www.schneier.com/blog/archives/2025/12/ais-exploiting-smart-contracts.html