However, the two largest incidents were not simple smart contract exploits of the type that AI could design.
In one, a group linked to North Korea siphoned about $285 million from Drift Protocol after a six-month social engineering campaign that earned it administrative access. In the other, an attacker exploited a single verifier flaw that allowed approximately $292 million to be diverted from Kelp DAO.
Another example occurred on Tuesday, when Humanity Protocol, a decentralized human identity service, lost more than $30 million due to a private key compromise. CoinDesk discovered that a hacker gained access to three of six private keys on an employee’s laptop.
Therein lies the problem. While the most obvious smart contract signals may be exactly what Anthropic's filters are designed to catch, the biggest losses have not required a contract error.
The exploits, Ledger’s Guillemet noted, come from familiar weaknesses: social engineering, bad signing flows, exposed keys and human error.
A model like Fable does not need to deliver a finished exploit to change the economics of an attack. It can read public repositories, compare old versions of software, summarize audit reports, write compelling messages, and look for small operational errors that humans miss.
“These exploits remain rooted in social engineering and human error.”
A defender, in such an environment, has to secure every key route, every dependency, every signing flow, and every privileged account. As AI accelerates the exploration phase, the final signing step becomes more important. Private keys must be stored somewhere that a compromised laptop cannot access, and users need a reliable display that shows what they are actually approving.




