    Experts Caution That Advanced AI Could Trigger Hacking Crisis for Crypto and Banking Sectors

    AI has revealed a significant vulnerability in a leading crypto network, and experts caution that banks might be the next target.

    Key Points:

    • An AI model identified a four-year-old defect in Zcash, which could have allowed for the unlimited issuance of tokens, potentially leading to a drastic selloff in the cryptocurrency.
    • This event has heightened concerns that increasingly sophisticated AI systems could uncover similar hidden flaws in both cryptocurrency networks and conventional banking software.
    • Top investors and researchers contend that AI-driven formal verification is the only sustainable long-term defense for critical financial software.

    A serious bug in the leading privacy network Zcash, detected with the help of artificial intelligence, may signal that comparable undiscovered vulnerabilities lurk within crypto and banking software.

    What alarms the crypto community is that the flaw, which had persisted in the network for four years, was discovered only recently, when Shielded Labs, a nonprofit developer involved with the privacy token system, found it using Anthropic’s newly launched Opus 4.8 AI model. Zcash stated that the vulnerability has been «remediated,» but had it gone unnoticed, it might have permitted an attacker to generate unlimited counterfeit tokens.

    This revelation has already incited panic among the crypto community, causing the Zcash token to plummet nearly 38% within the last 24 hours. Some users even expressed on social media that «Crypto is dead. We should have pivoted to AI.»

    The pressing question now is: as AI technology advances and the world prepares for the introduction of Anthropic’s next Mythos model, which is expected to be significantly more adept at pinpointing and linking weaknesses across systems, is the security of the crypto sector at risk?

    Nevertheless, the well-known crypto venture capital firm Dragonfly (an initial investor in Zcash) and its Managing Partner, Haseeb Qureshi, have a somewhat different perspective on AI and the security of crypto. He believes that AI discovering vulnerabilities is beneficial, as it will ultimately enhance the code.

    «While AI identified this bug, AI will also provide the solution for the entire category: formal verification. I am very optimistic about this as the means to strengthen all software across the industry,» he stated in a post on X.

    While Qureshi’s firm maintains its investment in Zcash and is optimistic about AI’s role in crypto security, Ben Goertzel, the CEO of AI firm SingularityNET, told Decryptnews that similar vulnerabilities are not exclusive to crypto, but are likely present in the traditional banking sector as well.

    «Other cryptocurrencies are not susceptible to this specific bug, which was a straightforward logic error in the Zcash implementation,» Goertzel explained, adding that other cryptocurrencies are «definitely quite likely to have similar vulnerabilities that AI tools may uncover in the coming weeks and months.»

    Furthermore, Goertzel mentioned that «the software infrastructures of banks and other centralized entities are also very likely to contain serious bugs that AI tools could identify in the near future as well.»

    Formal Verification

    So what is a practical solution to counter this AI threat?

    Both Qureshi and Goertzel indicated that cryptographic code and global software infrastructure need to adopt «formal verification.»

    This process essentially involves «writing proofs of mathematical theorems in such a manner that these theorems can be automatically verified,» as explained by Ethereum’s co-founder Vitalik Buterin. He noted that AI-assisted formal verification could emerge as one of the most vital tools for cybersecurity, as increasingly sophisticated AI systems simplify the discovery of software vulnerabilities.

    Qureshi echoed this sentiment.

    «Formally verified cryptography cannot have implementation bugs by design,» he stated. «At present, AI is revealing vulnerabilities across all our software—browsers, operating systems, and blockchains are no exception,» he added, emphasizing that formally verified software would be the «only way forward for mission-critical software,» which Zcash has prioritized in its roadmap.

    Meanwhile, Goertzel elaborated on why developers are not yet utilizing this formal verification method to fortify their software.

    He argued that while the «Rust» programming language employed by Zcash can be formally verified, developers seldom do so because it demands additional effort. Moreover, Goertzel pointed out that core Rust libraries frequently utilize «unsafe» constructs that are challenging to verify.

    However, rewriting them for safety would slow down the software, a dilemma he indicated could be resolved through advanced techniques such as «supercompilation» to enhance performance.

    An Asymmetric Security War

    Yet, implementing these safeguards is easier said than done, according to Ronghui Gu, CEO and co-founder of security firm CertiK, who spoke with Decryptnews.

    Gu stated that defending against these threats has become an uneven struggle.

    «We are currently witnessing an AI token consumption war where hackers are highly incentivized by profit,» he remarked. «To discover an exploit, they can expend a vast number of AI tokens on a single target, such as a project or smart contract.»

    He explained that profit-driven hackers are presently engaged in a token consumption conflict, using enormous amounts of computational power to focus on individual smart contracts. Because security firms must safeguard numerous clients simultaneously, they cannot dedicate the same concentrated resources to a single target without incurring significant capital expenses.

    To mitigate this asymmetric risk, Gu stated that security firms need to integrate automated scanners directly into daily development workflows through smaller, on-demand sessions, while depending on mathematical proofs to ensure that contracts meet essential security requirements.

    For Gu, the challenge is no longer simply about identifying bugs before attackers do; it’s about rapidly scaling defenses against these vulnerabilities to keep pace with increasingly powerful AI systems.

    The discussion about how to stay ahead of such vulnerabilities will likely persist. As AI becomes better, faster, and smarter, the question for all developers is how to ensure such incidents never occur again.

    Perhaps ZODL CEO Josh Swihart (former CEO of Electric Coin Company, a key developer of Zcash) articulated it well: «The more intriguing question is how we ensure that vulnerabilities never arise again. The best response is formal verification,» Swihart stated in his X article titled «Never Again.»
