“A new era for cybersecurity” as AI finds a multi-million-dollar blockchain bug


While criminals are increasingly using AI-powered solutions to defraud crypto users, blockchain security researchers celebrate "the first known instance of an AI uncovering a multi-million-dollar bug on mainnet."

Sherlock, an audit provider and smart contract vulnerability research platform, said that its recently launched AI solution helped a smart contract security researcher find a critical vulnerability affecting $2.4m in an unspecified live lending crypto protocol.

The vulnerability allowed users to withdraw more than permitted from the protocol’s total reserves. What's more, even users with a zero balance could do this.


"By automating micro-withdrawals to exploit the rounding error, an attacker could systematically extract the protocol's entire reserve balance," Sherlock noted.

The vulnerability, which could have been used to extract $2.4m from the protocol's reserves through repeated exploitation and to cause all withdrawals and borrows to fail, has since been fixed.
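The rounding-direction bug class the article describes, modelled in Python as an added illustration (this is not the affected protocol's code, whose details the article does not give): a share-to-asset conversion that rounds in the withdrawer's favour lets an account holding zero shares take assets out of the reserve, while rounding in the pool's favour makes the same call revert, and a small property check lets a defender catch the weak direction in tests. The pool sizes and the `Pool` and `zero_share_leak` names are assumptions.

```python
from typing import Callable

# Constructed pool state (assumption, not the affected protocol's numbers):
# 1,000,000 asset units backed by 250,000 shares, so one share is worth 4 units.
TOTAL_ASSETS = 1_000_000
TOTAL_SHARES = 250_000

Convert = Callable[[int, int, int], int]

def shares_to_burn_vulnerable(assets: int, total_assets: int, total_shares: int) -> int:
    """Rounds down (withdrawer's favour): 3 units * 250000 // 1000000 == 0 shares."""
    return assets * total_shares // total_assets

def shares_to_burn_fixed(assets: int, total_assets: int, total_shares: int) -> int:
    """Rounds up (pool's favour): any nonzero withdrawal burns at least one share."""
    return -(-assets * total_shares // total_assets)

class Pool:
    """Minimal share-based reserve with a pluggable rounding rule (hypothetical)."""

    def __init__(self, total_assets: int, total_shares: int, convert: Convert):
        self.total_assets = total_assets
        self.total_shares = total_shares
        self.convert = convert

    def withdraw(self, user_shares: int, assets: int) -> int:
        """Burn shares for `assets` and return the user's remaining shares."""
        shares = self.convert(assets, self.total_assets, self.total_shares)
        if shares > user_shares:
            raise ValueError("insufficient shares")
        self.total_assets -= assets
        self.total_shares -= shares
        return user_shares - shares

def zero_share_leak(convert: Convert, max_assets: int = 16) -> int:
    """Defender's property check: largest withdrawal that burns no shares at all.

    Sweeps small withdrawal sizes; a result of 0 means no micro-withdrawal
    can be made for free, so the rounding direction is safe.
    """
    leak = 0
    for assets in range(1, max_assets + 1):
        if convert(assets, TOTAL_ASSETS, TOTAL_SHARES) == 0:
            leak = assets
    return leak

if __name__ == "__main__":
    print("vulnerable: free units per call =", zero_share_leak(shares_to_burn_vulnerable))
    print("fixed:      free units per call =", zero_share_leak(shares_to_burn_fixed))
```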

(Image by Cybernews.)

However, some commenters on the X platform noted that executing multiple transactions under such conditions would be very risky, and transaction costs might also be high.

Jack Sanford, CEO and co-founder of Sherlock, agreed that it wouldn't be an attack where the entire $2.4m is stolen in a single block.

"It's more a determination that a material % of the $2.4m could be stolen over a realistic time period before a team could reasonably react, with assumptions about future gas prices, etc.," he added.


In any case, according to the research platform, its AI has already found "more than 18 High/Critical vulnerabilities – many of which existed in code that had already been audited."


Pablo Sabbatella, a blockchain-focused operational security researcher, reacted to the news, calling it "a new era for cybersecurity" before issuing a word of warning.

"But let's not forget that threat actors will also start using these tools. Hunt, or be hunted," he said.