Immunefi CEO: New AI sparked ‘vulnerability apocalypse’ in crypto
Immunefi CEO Mitchell Amador warned at WAIB Summit that AI models including Claude Opus 4.8 and ChatGPT 5.5 helped drive a DeFi hack surge, with $634M stolen in April 2026.
At the WAIB Summit in Monaco, Immunefi CEO Mitchell Amador warned that new AI models have produced a ‘vulnerability apocalypse’ that contributed to a rise in decentralized finance hacks. Industry data show attackers stole more than $634 million from cryptocurrency platforms in April 2026.
Amador told attendees that advanced AI has lowered the technical barrier for attackers, allowing faster discovery and exploitation of protocol flaws. April’s losses were the largest monthly total since February 2025, when reported thefts reached about $1.4 billion.
He referenced the release of Anthropic’s Fable 5 and noted the company routes cybersecurity topics to Claude Opus 4.8 as a safeguard. He added those safeguards have not yet prevented attackers from using AI-assisted tools to probe and exploit code.
On April 19, an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million, from Kelp DAO’s LayerZero-powered rsETH bridge. LayerZero attributed the breach to Kelp DAO’s 1/1 decentralized verifier network, which created a single point of failure, and reported it had previously advised against that configuration.
Security firms and platform operators reported an increase in complex exploit techniques, including cross-chain manipulation and quicker discovery of logic flaws. Defenders described attack patterns that combine automated reconnaissance, generated exploit scripts and rapid deployment, capabilities that can be amplified by large language models and specialized AI tooling.
Immunefi and other security stakeholders urged teams to accelerate code audits, harden bridge and verifier designs and expand incentives for independent researchers. Amador outlined a timeline in which the next three to four years will determine whether teams can adopt AI-powered defenses and harden codebases, and said the timeframe could shrink to under two years if the industry widely adopts crowdsourced security measures such as bug bounties and vulnerability disclosure programs.
Industry participants are monitoring how AI providers implement safeguards and how security teams repurpose AI for defensive use. Provider-level routing and on-chain changes such as multi-verifier setups, tighter protocol configurations and faster incident response are among the measures being adopted.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
