OpenZeppelin AI Exploit Threat Vector

2025-12-02

MATS/Anthropic Fellows researchers publish SCONE-bench findings showing frontier AI models achieve greater than 51% autonomous exploitation rate on real-world smart contracts, with simulated exploit revenue doubling every 1.3 months.

2026-01-31

Step Finance confirms $27.3 million treasury theft via compromised executive device and private key exposure. Protocol subsequently shuts down operations.

2026-04-01

Drift Protocol suffers $285 million exploit on Solana, attributed to a six-month DPRK social engineering campaign. Attackers obtained pre-signed transactions from Security Council members to gain admin control.

2026-04-08

Anthropic releases Claude Mythos Preview to a restricted set of security partners via Project Glasswing. Internal and UK AI Security Institute evaluations document 181 working exploit scripts produced autonomously versus 2 for predecessor model.

2026-04-18

KelpDAO bridge exploit drains 116,500 rsETH (approximately $292 million) via LayerZero message spoofing, traceable to a social engineering compromise of a developer that began March 6, 2026. Attributed to Lazarus Group / TraderTraitor.

2026-05-26

Manuel Aráoz posts on X declaring 'all of DeFi unsafe,' citing AI coding agents as 'superhuman' at finding smart contract vulnerabilities and referencing Anthropic's Claude Mythos. Advises friends and family to exit all DeFi positions including Aave, MakerDAO, and Compound.

2026-05-27

OpenZeppelin current leadership under CEO Demian Brener distances company from Aráoz's remarks, stating his views do not represent OpenZeppelin's position. Marc Zeller of Aave Chan Initiative publicly disputes the thesis, arguing fewer than 10% of 2025-2026 DeFi losses stemmed from code-level vulnerabilities.