AIs Exploiting Smart Contracts

I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature.

Here’s some interesting research on training AIs to automatically exploit smart contracts:

AI models are increasingly good at cyber tasks, as we’ve written about before. But what is the economic impact of these capabilities? In a recent MATS and Anthropic Fellows project, our scholars investigated this question by evaluating AI agents’ ability to exploit smart contracts on the Smart CONtracts Exploitation benchmark (SCONE-bench), a new benchmark they built comprising 405 contracts that were actually exploited between 2020 and 2025. On contracts exploited after the latest knowledge cutoffs (June 2025 for Opus 4.5 and March 2025 for other models), Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 developed exploits collectively worth $4.6 million, establishing a concrete lower bound for the economic harm these capabilities could enable. Going beyond retrospective analysis, we evaluated both Sonnet 4.5 and GPT-5 in simulation against 2,849 recently deployed contracts without any known vulnerabilities. Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694, with GPT-5 doing so at an API cost of $3,476. This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense.

Posted on December 11, 2025 at 12:06 PM · 6 Comments

Comments

KC December 11, 2025 4:18 PM

From the research:

Open-source codebases, like smart contracts, may be the first to face this wave of automated, tireless scrutiny.

But it is unlikely that proprietary software will remain unstudied for long, as agents become better at reverse engineering.

No one can not use AI for defense IMO.

In our experiment, it costs just $1.22 on average for an agent to exhaustively scan a contract for vulnerability.

The exploit returns are so incredibly profitable and the AIs are only getting better.

Clive Robinson December 11, 2025 11:20 PM

@ Bruce, ALL,

“I have long maintained that smart contracts are a dumb idea”

The fact humans can not get the basic rules of any agreement from simple verbal and paper contracts to work reliably, kind of suggests that it’s the actual process of agreement that is at fault.

Thus the question arises of,

“Why would anyone think that throwing a computer at a failed human model will some how magically fix the failings in the model?”

Then when you take a step back from that issue, you realise that in most cases all the computer is being asked to do is become a “new form of paper” not “a new way to implement contracts”.

Which brings us around to the definition of madness attributed to Einstein of,

“Doing the same thing over and over again and expecting different results.”

The reality is “Smart Contracts” are just another loop around,

“The hamster wheel of madness”.

That is you put in a lot of effort, and go around and around vigorously, whilst never actually going anywhere, let alone do anything of use (unless wasted effort is the goal).

What most fail to realise is “contracts are actually”,

1, Independent of the medium they are recorded in/on.
2, A form of “ranked order” voting protocol[1].

And that as a result, “A contract is always,

3, More than two party.
4, Unfair due to the number of parties involved[2].

The consequence of which is “All contracts are”,

5, Gameable.
6, Always open to manipulation in some way.

It’s why we have “judges and juries” to rectify any manipulation.

The fact that the supposed major advantage of “Smart Contracts” is that it removes “judges and juries” from the contract process should be a very large “Red Flag”.

Because it means,

“That ‘Unresolvable Fraud’ always comes built in with Smart Contracts”

[1] The definition of a ‘ranked order’ system, is a process where involved parties in a group or society, rank outcomes in the order of their collective preference based on their individual preferences. Importantly the outcome can not be known in advance because it is dependent on “performance”. And secondly that there is no residual value left after an outcome is reached, so the process naturally terminates[3].

[2] Voting systems thus “fair contracts” are always “ranked”[1] in some way and should be designed to be both “fair and rational” to all parties.

Unfortunately they are subject to the “General Possibility Theorem”. Which was the result of research by economist Kenneth J. Arrow, that he proved back in 1950.

His theorem also known as “Arrow’s Impossibility Theorem” demonstrates that no voting system can simultaneously satisfy a set of apparently reasonable criteria for “fairness and rationality”,

https://en.wikipedia.org/wiki/Arrow%27s_impossibility_theorem

It brought forth a new knowledge and research domain known as “social choice theory”,

https://en.wikipedia.org/wiki/Social_choice_theory

Which researches how individual preferences of parties in a group or society can be aggregated to make agreed collective decisions. That then get formed into binding policy, contracts, and agreements amongst the parties. It looks into the mechanisms through which groups of individuals can reach decisions that reflect the preferences of the parties of the group.

[3] In mathematics and information theory we have the Church-Turing thesis that demonstrates that a deterministic system above very minimal complexity can not be shown to “halt”. It is one of the reasons there needs to be an independent arbiter of judge and jury for contracts.

finagle December 12, 2025 4:11 AM

or more succinctly…
computers allow you to make mistakes faster than any combination other than handguns and tequila.

I agree the concept of Smart Contracts is a poor one, the idea of agency without oversight should make anyone cringe in any field, IT or human.

Of course the conclusion of the researchers is that if introducing technology to automate something causes problems, then what we need is more technology.

Clive Robinson December 12, 2025 9:25 AM

@ finagle, ALL,

With regards,

“Of course the conclusion of the researchers is that if introducing technology to automate something causes problems, then what we need is more technology.”

Not all researchers think that way because of the historically well known issue that,

“More poison does not cure the effects of even a little poison”.

One of the things we’ve learnt about “technology” is also,

“More is mostly not better”

Because “complexity increases” which is very rarely better even after a very small increase. Worse as any increase in size to accommodate such an increase reduces the speed of a coherent system.

We’ve recently seen with the “blind grope for AGI”, how even with tremendous scaling upwards the results have “not produced” anything remotely close to “what was promised”…

Something that “actual engineers” with experience have known is the most likely outcome.

Normally the only scaling results seen are “Early Heat Death” due to thermal runaway. High heat also significantly reduces the working life of semiconductors… Oh and greater demand for energy and cooling and other resources result in the performance graphs tending toward negative results…

369 December 13, 2025 6:37 PM

https://news.yahoo.com/news/articles/scientists-detect-life-without-knowing-143220252.html

‘When NASA scientists opened the sample return canister from the OSIRIS-REx asteroid sample mission in late 2023, they found something astonishing.

Dust and rock collected from the asteroid Bennu contained many of life’s building blocks, including all five nucleobases used in DNA and RNA, 14 of the 20 amino acids found in proteins, and a rich collection of other organic molecules.

These are built primarily from carbon and hydrogen, and they often form the backbone of life’s chemistry.

These discoveries raise a deeper question – one that becomes more urgent as new missions target Mars, the Martian moons and the ocean worlds of our solar system:

How do researchers detect life when the chemistry alone begins to look “lifelike”? If nonliving materials can produce rich, organized mixtures of organic molecules, then the traditional signs we use to recognize biology may no longer be enough.

LifeTracer is a unique approach for data analysis: It works by taking in the fragmented puzzle pieces and analyzing them to find specific patterns, rather than reconstructing each structure.

It characterizes those puzzle pieces by their mass and two other chemical properties and then organizes them into a large matrix describing the set of molecules present in each sample.

It then trains a machine learning model to distinguish between the meteorites and the terrestrial materials from Earth’s surface, based on the type of molecules present in each.

One of the most common forms of machine learning is called supervised learning. It works by taking many input and output pairs as examples and learns a rule to go from input to output. Even with only 18 samples as those examples, LifeTracer performed remarkably well. It consistently separated abiotic from biotic origins.

These discoveries suggest that the contrast between life and nonlife is not defined by a single chemical clue but by how an entire suite of organic molecules is organized. By focusing on patterns rather than assumptions about which molecules life “should” use, approaches like LifeTracer open up new possibilities for evaluating samples returned from missions to Mars, its moons Phobos and Deimos, Jupiter’s moon Europa and Saturn’s moon Enceladus.’

lurker December 14, 2025 11:44 AM

@369

We already have analytical methods to determine if a clean canister was fitted to that probe, or have they checked it wasn’t one of the training ones, full of tech’s dandruff?
