Anthropic Warns AI Agents Can Exploit Smart Contracts, Stole Millions In Simulations

Anthropic says AI agents can already exploit smart contracts and have drained millions in simulated tests on multiple blockchains.

The AI research firm said in a Dec. 1 research report that agents using models including Claude Opus 4.5 and Claude Sonnet 4.5 uncovered vulnerabilities and stole $4.5 million in tests across seven contracts.

In a broader benchmark, they compromised 207 contracts across Ethereum, Base, and BNB Smart Chain for $550 million in simulated revenue.

Anthropic said the findings show the growing risk that attackers could weaponize agentic systems as AI advances. The firm also noted that the same tools could be deployed defensively to detect and patch flaws.

“Profitable autonomous exploitation can happen today,” Anthropic said. “Our proof-of-concept agent’s further discovery of two novel zero-day vulnerabilities shows that these benchmark results are not just a retrospective.”

The AI agents used in the experiments uncovered vulnerabilities including authorization bugs allowing the withdrawal of user funds, unprotected read-only functions that gave the AI agents the ability to manipulate token supplies, and missing validations in fee withdrawal logic. 

Anthropic Says Proactive Adoption Of AI Needed For Defense

Its tests took place in a mock blockchain environment on previously exploited smart contracts that were deployed after March 2025. The firm said the agents successfully exploited seven out of 34 test smart contracts. 

In addition to those contracts, Anthropic also tasked Sonnet 4.5 and GPT-5 with scanning 2,849 recently deployed contracts with no known vulnerabilities.

In that test, the firm said, the models uncovered two novel zero-day vulnerabilities that could be exploited, with the potential to walk away with $3,694. During this experiment, GPT-5 identified the exploits at an API cost of $3,476.

That, according to the firm, “demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense.”

AI Agents Present A Double-Edged Sword

Anthropic said that over half of the exploits that were carried out this year, which it speculated were by skilled human attackers, “could have been executed autonomously by current AI agents.” 

Anthropic noted that, with the rapid development of AI, the mock revenue stolen in the testing environment doubled every 1.3 months over the past year.

Revenue generated with different AI models (Source: Anthropic)

The firm warned that attackers may increasingly turn to AI agents to exploit smart contracts as the costs of doing so continue to fall, “no matter how obscure” the vulnerability may be. This can include a forgotten authentication library, an obscure logging service, or even a deprecated API endpoint, the report warned. 

However, Anthropic did add that the technology can be used for good as well. The firm noted that the same AI models could serve as agentic whitehat hackers that can identify and patch bugs in smart contracts. 

To help developers create more secure and robust smart contracts going forward, Anthropic said that it plans to open-source its smart contracts exploitation benchmark (SCONE-bench) dataset.

“We hope that this post helps to update defenders’ mental model of the risks to match reality — now is the time to adopt AI for defense,” Anthropic said.

About Author

Steven Walgenbach
