Ethereum smart contracts exploited by AI: GPT-5 and Claude demonstrate million-dollar vulnerabilities

AI agents are now capable of exploiting smart contracts on Ethereum and other blockchains, raising urgent questions about the economic risks of autonomous cyber capabilities.

A joint project by Anthropic and MATS Fellows used the newly created Smart CONtracts Exploitation benchmark (SCONE-bench) to test AI models against 405 real-world contracts exploited between 2020 and 2025.

In simulated attacks on contracts exploited after March 2025, Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 produced exploits collectively worth $4.6 million, demonstrating a concrete lower bound on the potential financial damage AI could cause. Extending the tests to 2,849 recently deployed contracts with no known vulnerabilities, GPT-5 and Sonnet 4.5 uncovered two novel zero-day vulnerabilities, generating simulated profits of nearly $3,700.

SCONE-bench: Quantifying exploits in dollars, not bugs

Traditional cybersecurity benchmarks measure success by detection rates or arbitrary scores, but SCONE-bench evaluates AI exploits in financial terms, providing a more tangible measure of risk. Smart contracts are particularly well-suited for this approach because vulnerabilities can directly translate into stolen funds, and simulations allow researchers to quantify the potential losses.

Over all 405 contracts in SCONE-bench, 10 AI models produced exploits for 207 contracts, totaling $550.1 million in simulated stolen funds. Even accounting for potential data contamination, frontier models consistently demonstrated the ability to exploit contracts beyond their knowledge cutoff dates.

Concrete Examples of AI Exploits

One tested vulnerability involved a token calculator function on an Ethereum-compatible contract that was mistakenly left writable. The AI agent repeatedly called the function to inflate its token balance, generating simulated profits of $2,500 and, under peak liquidity conditions, a potential $19,000. Independent white-hat intervention later recovered the assets.

The research underscores that AI agents are now approaching human-level capability in tasks like control-flow reasoning, boundary analysis, and exploiting software vulnerabilities—a skill set directly applicable to blockchain and traditional software systems alike.

The study emphasizes that AI cyber capabilities are accelerating rapidly, from network intrusions to autonomous exploitation of blockchain applications. SCONE-bench provides a defensive tool, allowing smart contract developers to stress-test systems before deployment.

According to the researchers, the findings are a proof-of-concept that profitable, real-world autonomous exploitation is feasible, highlighting the urgent need for proactive AI-powered defenses to protect financial systems and digital assets.