However, the two most significant incidents were not simple smart contract exploits of the type that AI might design.
In one, a North Korea-linked group drained about $285 million from the Drift Protocol after a six-month social engineering campaign that gained it administrative access. In the other, an attacker exploited a single verifier flaw that allowed approximately $292 million to be siphoned from Kelp DAO.
Another example occurred on Tuesday, when Humanity Protocol, a decentralized human identity service, lost more than $30 million due to a private key compromise. CoinDesk discovered that a hacker gained access to three of the six private keys on an employee’s laptop,
That’s the problem. Although the most obvious smart contract prompts are exactly what Anthropic’s filters are designed to detect, the largest losses did not require a contract bug.
The exploits, Ledger’s Guillemet noted, come from familiar weak points: social engineering, poor signature flow, exposed keys and human error.
A model like Fable does not need to deliver a completed exploit to change the economics of an attack. It can read public repositories, compare older versions of software, summarize audit reports, and write compelling messages, looking for small operational errors that humans missed.
“These exploits remain rooted in social engineering and human error.”
A defender, in such an environment, must secure every key path, every dependency, every signature flow, and every privileged account. Because AI speeds up the scouting phase, the final signing step becomes more important. Private keys need to be somewhere inaccessible to a compromised laptop, and users need a reliable display that shows what they’re actually trusting.




