However, the two biggest incidents were not simple smart contract exploits of the type AI could construct.
In one, a North Korea-linked group drained about $285 million from Drift Protocol after a six-month social-engineering campaign that won it administrator access. For the second, the attacker exploited a single-verifier flaw that made it possible to extract around $292 million from the Kelp DAO.
Another example hit Tuesday when Humanity Protocol, a decentralized human identity service, lost over $30 million to a private key compromise. CoinDesk found that a hacker gained access to three out of six private keys on an employee’s laptop,
There’s the problem. While the most obvious smart-contract prompts may be exactly the ones Anthropic’s filters are designed to catch, the biggest losses haven’t required a contract bug.
The exploits, Ledger’s Guillemet noted, come from well-known weak spots: social engineering, poor signing flows, exposed keys and human error.
A model like Fable doesn’t need to deliver a finished exploit to change the economics of an attack. It can read public archives, compare old versions of software, summarize audit reports, and craft persuasive messages, all while hunting for the small operational errors humans miss.
“These exploits remain rooted in social engineering and human error.”
A defender in such an environment must secure every key path, every dependency, every signature stream, and every privileged account. As AI accelerates the scouting phase, the final signing step becomes more important. Private keys need to sit somewhere a compromised laptop can’t reach, and users need a reliable display that shows what they’re actually authenticating.
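The custody lesson running through the incidents above (three of six keys on one laptop defeats a 3-of-6 quorum) as an added example, not code from the article or from any of the projects it names: a small Python audit of a multisig key layout that reports any single custody location whose compromise alone reaches the signing threshold, and the fewest locations an attacker would have to breach. The signer lists and location labels are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample layouts (added example; the labels are assumptions,
# not data from the article). Each signer is (key_id, custody_location).
THRESHOLD = 3

# Weak layout: three of six keys live on one employee laptop, so that a
# single compromised device meets the 3-of-6 quorum on its own.
WEAK_LAYOUT = [
    ("key-1", "employee-laptop"),
    ("key-2", "employee-laptop"),
    ("key-3", "employee-laptop"),
    ("key-4", "hsm-rack-1"),
    ("key-5", "hw-wallet-ops"),
    ("key-6", "hw-wallet-finance"),
]

# Hardened layout: one key per isolated signing device.
HARDENED_LAYOUT = [
    ("key-1", "hw-wallet-alice"),
    ("key-2", "hw-wallet-bob"),
    ("key-3", "hw-wallet-carol"),
    ("key-4", "hsm-rack-1"),
    ("key-5", "hsm-rack-2"),
    ("key-6", "hw-wallet-finance"),
]


def keys_by_location(signers):
    """Group key ids by the custody location that holds them."""
    grouped = defaultdict(list)
    for key_id, location in signers:
        grouped[location].append(key_id)
    return dict(grouped)


def single_point_compromises(signers, threshold):
    """Locations whose compromise alone yields enough keys to sign."""
    grouped = keys_by_location(signers)
    return sorted(loc for loc, keys in grouped.items() if len(keys) >= threshold)


def min_locations_to_sign(signers, threshold):
    """Fewest distinct locations an attacker must compromise to gather
    `threshold` keys; None if the layout cannot reach the threshold at all."""
    grouped = keys_by_location(signers)
    locations = list(grouped)
    for size in range(1, len(locations) + 1):
        for combo in combinations(locations, size):
            if sum(len(grouped[loc]) for loc in combo) >= threshold:
                return size
    return None


def audit_layout(signers, threshold):
    """Summarise the blast radius of one compromised device for a layout."""
    spof = single_point_compromises(signers, threshold)
    return {
        "total_keys": len(signers),
        "threshold": threshold,
        "single_point_compromises": spof,
        "min_locations_to_sign": min_locations_to_sign(signers, threshold),
        "passes": not spof,
    }


if __name__ == "__main__":
    for name, layout in (("weak", WEAK_LAYOUT), ("hardened", HARDENED_LAYOUT)):
        print(name, audit_layout(layout, THRESHOLD))
```

The check is deliberately about custody topology rather than cryptography: a threshold scheme only buys resilience if no single device, account or person can assemble a quorum, which is the property the weak layout violates and the hardened one restores.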