According to Mitchell Amador, CEO of bug bounty platform Immunefi, recent artificial intelligence (AI) models have changed the cybersecurity playing field in attackers’ favor, causing a “vulnerability apocalypse” that has led to a resurgence in hacking attacks on decentralized finance (DeFi).
The proliferation of recent AI models such as Claude Opus 4.8 and ChatGPT 5.5 is the main reason that led to a renewed augment in cryptocurrency hacks in 2026, Amador told Cointelegraph during the recent WAIB summit in Monaco.
Industry-wide hacking activity spiked in April 2026, with illicit participants stealing more than $634 million from cryptocurrency platforms, the highest monthly total since the Bybit hack helped push losses to approximately $1.4 billion in February 2025, according to DefiLlama data.
Total crypto hacks by monthly total, all-time chart. Source: DefiLlama
Crypto needs to survive for another three to four years
The next three to four years will be a crucial period for the crypto industry’s survival until cybersecurity teams leverage the defensive capabilities of these same AI models to build “impregnable” codebases that attackers can’t crack, Amador said.
That timeline could be reduced to less than two years if the industry adopts more “crowdsourced security solutions” until cybersecurity researchers turn these AI models to their advantage, he added.
Amador’s comments come after the release of Anthropic’s latest Claude Mythos model, Fable 5, which raised industry concerns about its potential ability to accelerate cryptocurrency exploits.
Anthropic said Tuesday that Fable 5 has protections that redirect topics like cybersecurity to a different model, Claude Opus 4.8.
Related: Hopes for data recovery fade as Kelp DAO hacker launders almost entire $220 million in stolen funds
The industry has become increasingly sensitive to security threats after a series of major DeFi exploits reignited concerns about protocol vulnerabilities.
On April 19, an attacker siphoned approximately 116,500 reused Ether (rsETH) resources, worth approximately $290-293 million at the time, from Kelp DAO’s rsETH bridge powered by LayerZero.
LayerZero said Kelp DAO’s decentralized validator network (DVN) 1/1 setup created a single point of failure by relying on a single validator path for cross-chain messages. LayerZero stated that it had previously advised against this configuration.
Warehouse: Legal battle over who can claim stolen DeFi millions
