News
10 Jun 2026, 07:08
How One Guy Used Claude Code to Discover a Billion-Dollar Bug

Taylor Hornby, a security researcher who works with Shielded Labs, discovered a bug on May 29, 2026, just one day after Anthropic released Opus 4.8, that went on to wipe billions of dollars from the project’s market capitalization. The flaw sat in the shielded pool that powers private Zcash transactions and was serious enough to trigger an emergency response across the entire ecosystem. The disclosure set off a sudden sell-off that saw ZEC’s price crash by roughly 60%, erasing more than $4 billion in market cap.

The short version of the story is relatively simple: a missing constraint in Zcash’s Orchard circuit could have allowed a malicious prover to spend the same shielded note many times over while producing a different nullifier each time. The nullifier is the value a spend reveals so that the network can reject a second spend of the same note; a proof that is not bound to the note’s true nullifier sails past the double-spend check while every other rule still holds. In practice, this means an attacker could have inflated ZEC within the Orchard pool without leaving an on-chain fingerprint. The scary part is that the bug had existed since Orchard went live in May 2022, so the total exposure window was around four years before it was patched shortly after Hornby found it.

AI Helped Find The Critical Vulnerability

This story isn’t just about the flaw, but about the way it was found. Hornby said he used a custom “zcash-full-stack-auditor” agent framework with Claude Opus 4.8, configured to work at maximum effort and pointed at the halo2 implementation, including the Orchard circuit. The agents were searching for soundness issues (a proof accepted for a statement that is false) and zero-knowledge issues (a proof leaking its witness). Around 6 p.m. on May 29, one of the audit agents flagged a vulnerability that it believed could be used to double-spend Orchard notes. Hornby then used Claude to help write proof-of-concept code against a similar circuit, before testing the issue against the real Orchard circuit.
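As an added illustration (not code from the disclosure, from Zcash, or from Hornby’s auditor framework), the toy model below shows the class of bug described above. A shielded pool’s spend “circuit” is modelled as a list of checks; with the nullifier-binding check in place a note can be spent exactly once, and with that one check omitted the same note is accepted again under every fresh nullifier the prover chooses. The commitment and nullifier functions are SHA-256/HMAC stand-ins, not Orchard’s, and nothing here reproduces the actual missing constraint.

```python
import hashlib
import hmac
import os

# Toy model only (added illustration): NOT the Orchard circuit, NOT halo2, and
# NOT the actual missing constraint. It models the class of bug the article
# describes: a spend proof that is not bound to the note's true nullifier.


def note_commitment(rho: bytes, value: int, nk: bytes) -> bytes:
    """Toy commitment to a note (SHA-256 stand-in for a real commitment scheme)."""
    return hashlib.sha256(b"cm" + rho + value.to_bytes(8, "big") + nk).digest()


def derive_nullifier(nk: bytes, rho: bytes) -> bytes:
    """Toy PRF_nk(rho): the one nullifier an honest spend of this note reveals."""
    return hmac.new(nk, b"nf" + rho, hashlib.sha256).digest()


class ToyPool:
    """Shielded pool: a set of note commitments and a set of revealed nullifiers."""

    def __init__(self, bind_nullifier: bool = True):
        self.commitments = set()
        self.nullifiers = set()
        self.bind_nullifier = bind_nullifier  # the circuit constraint under test
        self.value_released = 0               # value paid out to spend outputs

    def mint(self, rho: bytes, value: int, nk: bytes) -> bytes:
        cm = note_commitment(rho, value, nk)
        self.commitments.add(cm)
        return cm

    def verify_spend(self, public: dict, witness: dict) -> bool:
        """Accept or reject a spend.

        A real verifier never sees the witness; the circuit's constraints decide
        what a valid proof must satisfy. Here the circuit is modelled directly
        as checks on the witness, and a missing constraint is a check that is
        simply never performed.
        """
        cm = note_commitment(witness["rho"], witness["value"], witness["nk"])
        # Constraint 1: the note being spent exists in the pool.
        if cm not in self.commitments:
            return False
        # Constraint 2: the public value equals the note's value.
        if public["value"] != witness["value"]:
            return False
        # Constraint 3: the public nullifier is PRF_nk(rho) for this note.
        if self.bind_nullifier and public["nf"] != derive_nullifier(witness["nk"], witness["rho"]):
            return False
        # Consensus rule outside the circuit: a nullifier may appear only once.
        if public["nf"] in self.nullifiers:
            return False
        self.nullifiers.add(public["nf"])
        self.value_released += public["value"]
        return True


def spend_repeatedly(pool: ToyPool, rho: bytes, value: int, nk: bytes,
                     attempts: int, honest: bool) -> int:
    """Try to spend one note `attempts` times; return how many spends were accepted."""
    witness = {"rho": rho, "value": value, "nk": nk}
    accepted = 0
    for i in range(attempts):
        if honest:
            nf = derive_nullifier(nk, rho)
        else:
            # Malicious prover: a fresh, unrelated nullifier for every attempt.
            nf = hashlib.sha256(b"fake" + rho + i.to_bytes(4, "big")).digest()
        if pool.verify_spend({"nf": nf, "value": value}, witness):
            accepted += 1
    return accepted


def run(bind_nullifier: bool, honest: bool, attempts: int = 5):
    """Mint one note of value 10 and try to spend it; return (accepted spends, value released)."""
    pool = ToyPool(bind_nullifier=bind_nullifier)
    rho, nk = os.urandom(32), os.urandom(32)
    pool.mint(rho, 10, nk)
    accepted = spend_repeatedly(pool, rho, 10, nk, attempts, honest)
    return accepted, pool.value_released


if __name__ == "__main__":
    print("sound circuit, honest prover:   ", run(True, True))    # (1, 10)
    print("sound circuit, malicious prover:", run(True, False))   # (0, 0)
    print("missing constraint, malicious:  ", run(False, False))  # (5, 50)
```

The third run is the point of the article: the duplicate-nullifier rule is still enforced, yet a single 10-unit note releases 50 units, because nothing ties the nullifier the prover publishes to the note the proof actually opens.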
Testing the Exploit with Claude

Hornby later built a full test in Zcash’s local regtest mode, where the exploit doubled the value of an Orchard note repeatedly until the test wallet balance exceeded 10 million ZEC. These transactions were never broadcast to mainnet or testnet, but the test is significant because regtest applies exactly the same validation rules as mainnet: transactions the regtest node accepted would have been accepted by mainnet nodes as well. Per the official disclosure, the full PoC took roughly six hours to develop with Claude Code’s help, and Hornby said the model needed relatively little guidance beyond a few hints.

It’s important to understand that this doesn’t mean AI independently “hacked Zcash.” Taylor Hornby is a renowned specialist security researcher, the audit was targeted, and the tools were custom-built. Still, the case shows how some frontier AI models are beginning to significantly reduce the time required to investigate highly complex technical systems.

The post How One Guy Used Claude Code to Discover a Billion-Dollar Bug appeared first on CryptoPotato.
10 Jun 2026, 06:00
Anthropic’s Claude Mythos AI Sparks DeFi Security Debate Over Smart Contract Exploits

The release of Fable 5, the first public iteration of Anthropic’s Claude Mythos AI model, has ignited a debate within the cryptocurrency industry about its potential to lower the barrier to exploiting smart contract vulnerabilities. While some experts warn of a new era of automated attacks on decentralized finance (DeFi) protocols, others argue that the most significant threats may lie elsewhere.

Industry Leaders Weigh In on AI-Driven Risks

Simon Dedic, founder of Moonrock Capital, raised early alarms on the social media platform X, suggesting that Fable 5 could reduce the cost and technical expertise required to find smart contract flaws to nearly zero. He cautioned that unaudited DeFi protocols could become easy targets, and that a vulnerability discovered in one project could be exploited repeatedly across its many forks, amplifying losses across the ecosystem.

Dedic’s perspective highlights a growing concern that advanced AI models could automate the discovery of coding errors, making it harder for smaller, less-resourced projects to stay ahead of malicious actors. The ability to scan and analyze large amounts of code quickly could allow attackers to identify and exploit weaknesses faster than traditional auditing can patch them.

Counterpoint: OpSec May Be the Real Weakness

However, Curve Finance co-founder Michael Egorov offered a contrasting view, questioning whether Claude Mythos’s success at finding vulnerabilities in general software would translate directly to the specialized environment of DeFi smart contracts. Egorov argued that the complexity and unique logic of DeFi protocols may not be as easily compromised by generalized AI models. Instead, he suggested that a greater and more immediate threat could emerge in operational security (OpSec). He pointed to attacks on multisignature wallet configurations or on the supply chains of front-end applications as the more likely vectors for disruption. These areas rely on human processes and third-party integrations, which can be more susceptible to social engineering or automated reconnaissance than audited contract code.

What This Means for the DeFi Ecosystem

The debate underscores a critical inflection point for the crypto industry. As AI capabilities advance rapidly, the security assumptions that underpin many DeFi protocols are being re-evaluated. The discussion is not just about whether AI can find bugs, but about how the entire security posture of the ecosystem must adapt. For developers and project founders, the conversation is a reminder that security is a multi-layered challenge: while smart contract audits remain essential, the potential for AI to assist both defenders and attackers means that OpSec, continuous monitoring, and rapid response capabilities are becoming equally important. Investors and users are also advised to remain cautious, particularly with unaudited or newly forked projects that may not have undergone rigorous security review.

Conclusion

The release of Anthropic’s Claude Mythos model has opened a new chapter in the ongoing dialogue about AI and cybersecurity in the crypto space. While the true extent of its impact on DeFi security remains to be seen, the contrasting views from industry leaders like Simon Dedic and Michael Egorov highlight the complexity of the threat landscape. The most prudent path forward for the industry is a holistic approach to security that addresses both code-level vulnerabilities and operational weaknesses.

FAQs

Q1: What is Claude Mythos and Fable 5?
Claude Mythos is a new AI model developed by Anthropic, and Fable 5 is the first publicly available version of this model. It is designed for advanced reasoning and code analysis tasks.

Q2: How could Claude Mythos threaten DeFi security?
Some experts believe the AI’s ability to analyze and find vulnerabilities in code could be used by malicious actors to automatically discover and exploit flaws in smart contracts, particularly in unaudited or forked DeFi projects.

Q3: What is operational security (OpSec) in the context of DeFi?
OpSec refers to the security of operational processes, such as the management of multisignature wallets, the security of front-end interfaces, and the integrity of software supply chains. Attacks on these areas bypass code-level security measures entirely.

This post Anthropic’s Claude Mythos AI Sparks DeFi Security Debate Over Smart Contract Exploits first appeared on BitcoinWorld.
10 Jun 2026, 01:55
Humanity Offers $1M USDT Bounty for Tips Leading to Hack Recovery

Humanity (H), a cryptocurrency project, has announced a significant bounty program in the wake of a recent security breach. The project stated on X that it is offering a reward of 1 million USDT for information that leads to the recovery of stolen funds. The announcement outlines a multi-pronged strategy that includes real-time tracking of the attacker’s wallet addresses and a token buyback plan for any recovered assets.

Real-Time Tracking and Industry Collaboration

According to the project’s statement, the development team has built a system capable of tracking the attacker’s on-chain addresses and associated fund movements in real time. This tracking data has been shared with cryptocurrency exchanges and data aggregators to help freeze the stolen capital or flag its movement. Proactive sharing of this intelligence is a standard but critical step in the crypto security playbook: on-chain tracking alone cannot stop the funds, but a centralized platform that receives them can, so the aim is to limit the attacker’s ability to liquidate or launder through those venues.

Bounty Details and Token Buyback Plan

The 1 million USDT bounty is designed to incentivize whistleblowers, security researchers, and members of the broader crypto community to come forward with actionable intelligence. Humanity has specified that all funds recovered through the program will be used for a buyback of the H token, a mechanism intended to offset the negative market impact of the hack and potentially restore value to token holders. The project also confirmed it is preparing a formal recovery plan for victims directly affected by the exploit.

Implications for the Crypto Security Landscape

This incident adds to a growing list of crypto projects that have turned to bounty programs as a recovery tool. While bounties can be effective in mobilizing community resources, they also highlight the persistent vulnerability of DeFi and blockchain projects to sophisticated attacks. The success of Humanity’s recovery effort will depend heavily on the speed of information sharing with exchanges and on whether the attacker chooses to negotiate or makes a mistake that reveals their identity. For investors, the announcement is a clear signal that the project is actively working to mitigate losses, though the final outcome remains uncertain.

Conclusion

Humanity’s response to its recent hack combines immediate technical countermeasures with a financial incentive for information. The 1 million USDT bounty and the commitment to a token buyback represent a structured attempt to restore confidence and recover value. As the situation develops, the effectiveness of the tracking system and the cooperation of external exchanges will be the key factors in determining whether the stolen funds can be returned.

FAQs

Q1: How does the 1 million USDT bounty work?
Anyone with information that leads to the recovery of the stolen funds can claim the bounty. The project has not yet specified the exact criteria for reward distribution, though it is likely tied to the share of funds recovered or the importance of the tip provided.

Q2: What happens to the recovered funds?
All recovered funds will be used for a buyback of the H token, which could help support the token’s price and reduce the overall impact of the hack on the project’s ecosystem.

Q3: Is there a recovery plan for individual victims?
Yes, Humanity has stated it is preparing a recovery plan specifically for victims of the hack. The details of this plan have not yet been released, but it is expected to outline how affected users can submit claims or receive compensation.

This post Humanity Offers $1M USDT Bounty for Tips Leading to Hack Recovery first appeared on BitcoinWorld.
9 Jun 2026, 22:10
Chainalysis: $36.7 Million Lost to DeFi Hacks in Six Months as AI Aids Exploits

Decentralized finance (DeFi) protocols have lost at least $36.7 million over the past six months to hacks targeting unverified smart contracts, according to a new report from blockchain analytics firm Chainalysis. The findings, cited by Cointelegraph, highlight a growing trend in which attackers focus on protocols with undisclosed source code, often exploiting vulnerabilities that have existed for years.

Largest Single Incident: The Truebit Exploit

The most significant breach involved Truebit, a protocol designed to verify computational tasks on the Ethereum network. An attacker exploited a vulnerability in an unverified smart contract that had been deployed on Ethereum since 2021, stealing $26.2 million. This single incident accounts for more than 70% of the total losses reported in the six-month period. Other affected protocols include Trusted Volumes, Aperture Finance, and Ekubo, though details on their individual losses remain limited.

AI and Decompilers: A New Era of Exploitation

Chainalysis noted that recent advances in decompiler tools and artificial intelligence are making these exploits significantly easier to execute. Smart contracts that once required days of manual analysis by specialized security experts can now be analyzed and exploited at scale with AI-driven tools. This lowers the barrier to entry for malicious actors and increases the frequency of attacks on poorly audited or unverified code.

Why Unverified Smart Contracts Are a Target

Unverified smart contracts lack publicly available source code on blockchain explorers like Etherscan. The bytecode itself is always public on-chain, so withholding the source never hid the logic; it only raised the cost of reading it. That obscurity was once considered a minor security measure, but the report suggests it now makes protocols a prime target: hackers use decompilers to reverse-engineer the bytecode, identify weaknesses, and launch attacks. The Chainalysis data underscores that transparency in smart contract code is becoming a critical security requirement, not just a best practice.

Implications for the DeFi Ecosystem

The findings come at a time when the DeFi sector is already under intense regulatory and security scrutiny. For users, the report is a warning to verify whether the protocols they interact with have audited, open-source smart contracts. For developers, it highlights the urgent need for comprehensive security audits and code verification before deployment. The use of AI by attackers also signals that security teams must adopt equally advanced tools for threat detection and vulnerability assessment.

Conclusion

The Chainalysis report paints a clear picture: the DeFi industry is facing a new wave of sophisticated attacks enabled by AI and targeting unverified code. With $36.7 million lost in just six months and the Truebit incident alone accounting for the majority of those losses, the message is unambiguous. Transparency, rigorous auditing, and proactive security measures are no longer optional; they are essential for the survival and trustworthiness of decentralized finance platforms.

FAQs

Q1: What is an unverified smart contract?
A: An unverified smart contract is one whose source code has not been published on a blockchain explorer like Etherscan. This makes it harder for users and security experts to review the code for vulnerabilities.

Q2: How is AI being used to hack smart contracts?
A: Attackers use AI-powered decompiler tools to reverse-engineer the bytecode of unverified smart contracts, identify security flaws, and automate the exploitation process at scale.

Q3: What can DeFi users do to protect themselves?
A: Users should only interact with protocols that have verified, publicly available smart contract code and have undergone independent security audits. Checking for recent audit reports and community feedback is also recommended.
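A concrete version of the first step an attacker, or a defender triaging an unverified contract, takes, as an added example that is not from the Chainalysis report: recover the function selectors from runtime bytecode. Solidity’s dispatcher compares the first four bytes of calldata against each selector with a PUSH4 followed by EQ, so a disassembly that steps over PUSH immediates finds them, while a naive byte-pattern grep also matches bytes that merely sit inside a PUSH32 constant. The bytecode below is constructed for this example; the selector names are the standard ERC-20 ones.

```python
import re

# Added example: selector recovery from an unverified contract's runtime bytecode.
# Standard ERC-20 selectors; anything else would be looked up in a public
# signature database in a real workflow.
KNOWN_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "70a08231": "balanceOf(address)",
    "18160ddd": "totalSupply()",
}

OP_EQ, OP_PUSH1, OP_PUSH4, OP_PUSH32 = 0x14, 0x60, 0x63, 0x7F

# Constructed runtime bytecode (not a real contract): a Solidity-style dispatcher
# for three functions, then a PUSH32 constant whose bytes happen to contain the
# pattern 63 deadbeef 14, which is data, not a selector comparison.
SAMPLE_CODE = bytes.fromhex(
    "6080604052"                 # PUSH1 0x80  PUSH1 0x40  MSTORE
    "600035"                     # PUSH1 0x00  CALLDATALOAD
    "60e01c"                     # PUSH1 0xe0  SHR   -> top 4 bytes of calldata
    "8063095ea7b31461004057"     # DUP1 PUSH4 095ea7b3 EQ PUSH2 0x0040 JUMPI
    "8063a9059cbb1461005057"     # DUP1 PUSH4 a9059cbb EQ PUSH2 0x0050 JUMPI
    "806370a082311461006057"     # DUP1 PUSH4 70a08231 EQ PUSH2 0x0060 JUMPI
    "5b600080fd"                 # JUMPDEST PUSH1 0 DUP1 REVERT (no match)
    "7f63deadbeef14" + "00" * 26 +   # PUSH32 <constant containing 63 .. 14>
    "50"                         # POP
)


def disassemble(code: bytes):
    """Yield (offset, opcode, immediate), stepping over PUSHn immediates so
    bytes inside a constant are never mistaken for instructions."""
    pc = 0
    while pc < len(code):
        op = code[pc]
        if OP_PUSH1 <= op <= OP_PUSH32:
            n = op - OP_PUSH1 + 1
            yield pc, op, code[pc + 1:pc + 1 + n]
            pc += 1 + n
        else:
            yield pc, op, b""
            pc += 1


def extract_selectors(code: bytes) -> list:
    """Selectors are the PUSH4 immediates the dispatcher compares with EQ."""
    ins = list(disassemble(code))
    return [imm.hex() for (pc, op, imm), nxt in zip(ins, ins[1:])
            if op == OP_PUSH4 and len(imm) == 4 and nxt[1] == OP_EQ]


def naive_scan(code: bytes) -> list:
    """Byte-pattern grep for 63 xxxxxxxx 14: fast, but blind to PUSH boundaries."""
    return [m.group(1).hex() for m in re.finditer(rb"\x63(.{4})\x14", code, re.DOTALL)]


def label_selectors(code: bytes) -> dict:
    """Map each recovered selector to a known signature, or 'unknown'."""
    return {s: KNOWN_SELECTORS.get(s, "unknown") for s in extract_selectors(code)}


if __name__ == "__main__":
    print("disassembly:", label_selectors(SAMPLE_CODE))
    print("naive grep: ", naive_scan(SAMPLE_CODE))   # includes the bogus deadbeef
```

In practice the runtime code comes from an eth_getCode call and unknown selectors are resolved against a public signature database such as 4byte.directory; the selector list alone already tells a reviewer which entry points exist in a contract whose author published no source.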
This post Chainalysis: $36.7 Million Lost to DeFi Hacks in Six Months as AI Aids Exploits first appeared on BitcoinWorld .
9 Jun 2026, 21:24
DeFi Users Warned to Revoke Approvals Before Anthropic’s Mythos AI Launches

Anthropic is reportedly set to release a public version of its Mythos AI model, and crypto analyst The DeFi Investor is urging decentralized finance users to act before that happens. The concern rests on how good Mythos is at finding software vulnerabilities: a widely accessible version could accelerate the speed at which attackers discover and exploit weaknesses in DeFi protocols.

What the DeFi Community Needs to Do

In a June 9 post on X, The DeFi Investor advised followers to revoke all token approvals, use only heavily audited dApps, and spread funds across several wallets to reduce single points of failure. For those who are not familiar, token approvals are permissions that users grant to smart contracts, allowing those contracts to spend tokens on the user’s behalf. They tend to accumulate silently over time, and each one is a standing attack surface if the approved contract is later found to be vulnerable. Revoking an approval means setting its allowance back to zero, and the “unlimited” approvals many dApps request by default deserve attention first, because they let a compromised contract move a wallet’s entire balance of that token.

“What’s scary about Mythos is that it’s insanely good at finding severe vulnerabilities,” wrote The DeFi Investor. “Claude Opus 4.8 has also recently identified a critical bug for Zcash, and Mythos is supposed to be even better than Opus 4.8.”

They added that DeFi will face a huge stress test in the next few months, and the Zcash vulnerability they mentioned is a concrete illustration. The privacy coin lost more than 35% of its value in one day after a security researcher using AI discovered a bug in its shielded Orchard pool that would have allowed bad actors to mint new ZEC without limit. Big-time crypto investor Arthur Hayes exited his entire ZEC position as uncertainty mounted over whether anyone might already have exploited the flaw.

Mythos has been restricted since April to about 50 organizations, including Amazon, Apple, Google, and Microsoft, through an Anthropic initiative known as Project Glasswing, which aims to put the model’s capabilities to work for defensive purposes. According to Bloomberg, Anthropic plans to expand that circle by 150 more organizations across 15 countries. However, multiple sources, including TFTC and journalist Alex Heath, have claimed that the public version of Mythos will carry “substantial guardrails” and will not be as permissive as what Project Glasswing partners can access.

A Debate DeFi Was Already Having

The DeFi Investor’s security tips arrive as a conversation has been building around the viability of decentralized finance. In late May, OpenZeppelin co-founder Manuel Aráoz declared “all of DeFi unsafe” and said he had advised people to exit positions in major protocols, including Aave, MakerDAO, and Compound, on the grounds that AI has tilted the security balance so far toward attackers that no protocol can currently be trusted to safely hold users’ funds. Many crypto projects have indeed been hit in the last few months, including attacks on KelpDAO and Drift Protocol in April that led to combined losses of more than $570 million. More recently, hackers reportedly siphoned at least $30 million worth of Humanity Protocol’s H token from 17 wallets.

However, according to Aave Chan Initiative founder Mark Zeller, the fears about AI are overblown: fewer than 10% of DeFi security failures in the past year were caused by code-level vulnerabilities. Anthropic’s own position, per Bloomberg, is that in the long run AI will favor defenders, but “the transitional period will be fraught.”

The post DeFi Users Warned to Revoke Approvals Before Anthropic’s Mythos AI Launches appeared first on CryptoPotato.
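The approval-revocation advice in the section above, as an added example that is not from The DeFi Investor’s post: replay the ERC-20 Approval events for a wallet to find which allowances are still outstanding, rank unlimited ones first, and build the approve(spender, 0) calldata that revokes each. The logs, token and wallet addresses are constructed; the event topic hash and the approve selector are the standard ERC-20 values.

```python
# Added example: find outstanding ERC-20 allowances from Approval logs and build
# the revoke calldata. Standard ERC-20 constants; everything else is constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"          # approve(address,uint256)
UNLIMITED = 2**256 - 1                 # the "infinite" allowance dApps often request

# Constructed addresses (20 bytes each); not real contracts or wallets.
WALLET = "0x" + "11" * 20
OTHER_WALLET = "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
DEX_ROUTER, LENDING_POOL, BRIDGE = "0x" + "d1" * 20, "0x" + "d2" * 20, "0x" + "d3" * 20


def as_topic(address: str) -> str:
    """Indexed address parameters are left-padded to 32 bytes in the topic."""
    return "0x" + address[2:].lower().rjust(64, "0")


def as_word(value: int) -> str:
    return "0x" + format(value, "064x")


def approval_log(block, index, token, owner, spender, value):
    """Shape of an eth_getLogs entry for Approval(owner, spender, value); constructed."""
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, as_topic(owner), as_topic(spender)],
            "data": as_word(value)}


# Constructed history: an unlimited approval later revoked, a bounded one still
# live, an unlimited one still live, and one that belongs to another wallet.
SAMPLE_LOGS = [
    approval_log(100, 3, TOKEN_A, WALLET, DEX_ROUTER, UNLIMITED),
    approval_log(101, 0, TOKEN_A, WALLET, LENDING_POOL, 500 * 10**18),
    approval_log(102, 7, TOKEN_A, WALLET, DEX_ROUTER, 0),              # revoked
    approval_log(103, 1, TOKEN_B, WALLET, BRIDGE, UNLIMITED),
    approval_log(104, 2, TOKEN_B, OTHER_WALLET, BRIDGE, UNLIMITED),    # not ours
]


def topic_to_address(topic: str) -> str:
    return "0x" + topic[-40:].lower()


def outstanding_allowances(logs, owner: str) -> dict:
    """Replay Approval events in chain order; the last value per (token, spender) wins.
    Returns {(token, spender): allowance} for allowances that are still non-zero."""
    allowances = {}
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        if log["topics"][0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(log["topics"][1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(log["topics"][2]))
        value = int(log["data"], 16)
        if value == 0:
            allowances.pop(key, None)   # a zero approval is a revocation
        else:
            allowances[key] = value
    return allowances


def revoke_calldata(spender: str) -> str:
    """ABI encoding of approve(spender, 0): selector + padded address + zero word."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64


def revoke_plan(logs, owner: str) -> list:
    """One (token, spender, calldata) per live allowance, unlimited ones first."""
    live = outstanding_allowances(logs, owner)
    ordered = sorted(live.items(), key=lambda kv: (kv[1] != UNLIMITED, kv[0]))
    return [(token, spender, revoke_calldata(spender)) for (token, spender), _ in ordered]


if __name__ == "__main__":
    for token, spender, data in revoke_plan(SAMPLE_LOGS, WALLET):
        print(f"send to {token}: {data}   # approve({spender}, 0)")
```

Each entry in the plan is one transaction to the token contract. Before sending, confirm the value with the token’s allowance(owner, spender) view call, since a log window can be incomplete; and note that ERC-20 allowances are only one family, with ERC-721/1155 setApprovalForAll grants and Permit2 allowances tracked separately.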
9 Jun 2026, 19:55
Sahara AI Denies Security Issues as Token Price Drops Over 60%

Sahara AI’s SAHARA token crashed by roughly 60% on June 9, triggering over $23 million in liquidations. The incident set off speculation across crypto markets, especially since it happened right around the time another protocol, Humanity, reported a breach that cost it $30 million and saw its native H token lose nearly 90% of its value.

What the Team Said, And What On-Chain Data Shows

After SAHARA suddenly plunged from around $0.034 to $0.014, per CoinGecko data, the team put out a post on X saying they were “aware of unusual market volatility” and that they had found no security issues in the platform’s token contracts or products, adding that they would provide more updates as additional information became available from an internal investigation. However, after on-chain observers questioned a transfer of 600 million SAHARA tokens, suggesting it might have caused the unusual price movement, the team made a follow-up post explaining that the large transfer was a pre-planned fill of a Chainlink CCIP bridge contract, done to provide liquidity for its recently launched cross-chain bridge. Just as importantly, they stated that team and investor wallet allocations had not been touched on-chain and that “no team and investor tokens have been sold or moved.” The team also provided a link to an Etherscan address so that anyone interested could verify the claim, and said they were still investigating the actual cause of the market movement separately from the bridge transfer.

Whether that explanation holds up to community scrutiny is another question. Data from CoinGlass shows that in the last 12 hours, $22.9 million in long positions were liquidated against only $354,000 in shorts, meaning the vast majority of losses fell on traders who had been betting on the price going up.

Sahara Down 90% From its Peak

The SAHARA token was listed on Binance in June 2025 and hit an all-time high of $0.1605 the following month. At the time of writing it was trading almost 90% below that high, down over 50% in the last seven days and almost 54% over the past month. Its collapse came just a week after EDGE, the native token of the edgeX decentralized exchange, suddenly dropped by 71% and hit a new all-time low. Like the Sahara team, the people behind edgeX denied any security breach and, in their case, pointed to external manipulation, a claim that on-chain investigator ZachXBT publicly disputed. In a subsequent report, edgeX noted that some of the centralized exchanges where EDGE is listed blamed the token’s collapse partly on thin liquidity rather than large-scale selling by the team.

The post Sahara AI Denies Security Issues as Token Price Drops Over 60% appeared first on CryptoPotato.