Contents
AI-Powered Exploits: A New Threat to Smart Contracts
Artificial intelligence is increasingly being used to identify and exploit vulnerabilities in smart contracts, raising concerns about the security of decentralized finance (DeFi) platforms. Researchers from University College London (UCL) and the University of Sydney (USYD) have developed an AI agent called A1 that can autonomously discover and exploit flaws in smart contracts written in Solidity, a programming language commonly used on blockchains like Ethereum and Binance Smart Chain.
Smart contracts are self-executing programs that automatically carry out transactions when specific conditions are met. However, they often contain bugs that can be exploited by malicious actors to steal funds. In 2023 alone, the cryptocurrency industry lost nearly $1.5 billion to hacking attacks, with over $11.74 billion stolen from DeFi platforms since 2017.
A1 leverages various AI models from companies like OpenAI, Google, DeepSeek, and Alibaba (Qwen) to generate exploits for these vulnerabilities. The system works by analyzing target parameters such as blockchain, contract address, and block number. It then gathers information about the contract’s behavior and identifies potential weaknesses. Once vulnerabilities are detected, A1 generates compilable Solidity contracts that can be tested against historical blockchain states.
Unlike other AI-based security tools, A1 produces executable code rather than just vulnerability reports. This makes it more powerful and closer to the capabilities of a human hacker. According to Liyi Zhou, a lecturer at USYD, “A1 performs full exploit generation. This is unlike other LLM security tools. The output is not just a report, but actual executable code.”
Testing and Performance
The researchers tested A1 on 36 real-world vulnerable contracts across Ethereum and Binance Smart Chain. The system achieved a success rate of 62.96% on the VERITE benchmark, identifying 17 out of 27 test cases. Additionally, A1 discovered nine new vulnerable contracts, five of which were identified after the training cutoff of the best-performing model, OpenAI’s o3-pro. This suggests that A1 isn’t simply regurgitating known vulnerabilities but can find new ones.
In terms of financial impact, A1 was able to extract up to $8.59 million per case, totaling $9.33 million across all successful experiments. The system was tested using six different large language models (LLMs), including OpenAI’s o3-pro and o3, Google’s Gemini Pro and Flash, DeepSeek’s R1, and Alibaba’s Qwen3 MoE. Among these, o3-pro and o3 had the highest success rates, at 88.5% and 73.1%, respectively.
Efficiency and Scalability
Manual methods for detecting smart contract vulnerabilities, such as code analysis and static or dynamic fuzzing, are limited by the complexity of the contracts and the scarcity of skilled security experts. A1 offers a more scalable solution, as it can automate the process and reduce the time required to find vulnerabilities.
Zhou explained that A1 could potentially be profitable, even if only one out of every 1,000 scans leads to a real vulnerability. This is because the cost of running the system is relatively low compared to the potential rewards. As AI models continue to improve, the system’s effectiveness is expected to increase over time.
Ethical and Legal Concerns
Despite its technical capabilities, A1 raises significant ethical and legal questions. The researchers initially planned to release the code as open source but later decided to keep it confidential due to concerns about its power and potential misuse. Zhou emphasized that the system’s ability to find fresh vulnerabilities could make it a valuable tool for both attackers and defenders.
The paper also highlights a growing asymmetry between the rewards for attacking and defending smart contracts. While attackers can afford to run thousands of scans to find vulnerabilities, defenders often face high costs and limited resources. This imbalance could lead to increased risks for DeFi platforms unless defensive measures become significantly more cost-effective.
Recommendations for Project Teams
Zhou recommends that project teams use tools like A1 to continuously monitor their own protocols instead of relying on third-party security firms. He argues that the current bounty system, which caps rewards at around 10% of the value locked in a contract, is insufficient to incentivize proactive security measures.
“From a security perspective, it’s a very strange assumption to trust third-party teams to act in good faith,” Zhou said. “I typically assume all players are financially rational when modeling security problems.”
As AI continues to evolve, the threat landscape for smart contracts will likely become more complex. Developers and security professionals must remain vigilant and adapt their strategies to counter emerging threats.
