However, the two largest incidents were not simple smart-contract exploits of the kind AI could generate from a prompt.
In one case, a North Korea-linked group drained about $285 million from Drift Protocol after a six-month social-engineering campaign that ultimately gave it administrative access. In the other, an attacker exploited a single-verifier flaw that allowed roughly $292 million to be siphoned from Kelp DAO.
A separate incident occurred Tuesday, when Humanity Protocol, a decentralized human-identity service, lost more than $30 million after private keys were compromised. CoinDesk found that a hacker gained access to three of six private keys stored on one employee’s laptop.
That highlights the core problem. While the most obvious smart-contract attack prompts may be the ones Anthropic’s filters are designed to catch, the largest crypto losses have not required a contract vulnerability. As Ledger’s Guillemet noted, these exploits often stem from familiar weak points: social engineering, flawed signing flows, exposed keys and human error.
A model like Fable does not need to deliver a finished exploit to change the economics of an attack. It can read public repositories, compare older versions of software, summarize audit reports and draft convincing messages that expose the small operational mistakes humans often overlook.
“These exploits remain rooted in social engineering and human error.”
In that environment, defenders must secure every key path, every dependency, every signing flow and every privileged account. Because AI can accelerate the scouting phase of an attack, the final signing step becomes even more critical. Private keys need to be stored somewhere a compromised laptop cannot access, and users need a trusted screen that clearly shows exactly what they are approving.