Attacker Asymmetry: AI Cuts Both Ways in Smart Contract Security
Security has always been an uneven fight. The defender has to cover every path. The attacker has to find one. That imbalance is the oldest fact in the field, and it did not start with crypto. It is why a system can pass review and still get drained, and why "we checked it" is never the same as "it holds."
AI did not create that asymmetry. It widened it. The same models that help a team ship faster now help an attacker probe faster, and the instinct across the industry is to treat that as a wash. Both sides got a new tool, so the balance holds. That read is wrong, and the reason it is wrong is the whole argument.
The Tool Is the Same. The Value Is Not.
AI is probabilistic by construction. It returns a likely answer, scored by confidence, not a verdict. That single property behaves very differently depending on which side of the fight you are on.
On offense, a probabilistic tool that works part of the time is a weapon. An attacker runs it across a hundred targets, discards every miss at no cost, and needs one hit to get paid. Volume is free and failure is silent. A hit rate that would be unacceptable anywhere else is, for an attacker, a business model.
On defense, the same hit rate is a liability. A defender does not get to ignore the misses. Every path the tool clears incorrectly is a live vulnerability shipped to production, sitting behind real funds. The defender needs to be right on every path, and a tool that is right most of the time is a tool that is wrong exactly where it matters, without telling you where.
So the same instrument, handed to both sides, does not split the difference. It compounds the existing asymmetry. Offense converts probability into leverage. Defense inherits probability as exposure. AI cuts both ways, and the cut is not even.
The Evidence Is Already Public
This is not a projection. Anthropic's own red team demonstrated AI models generating working exploits for 51 percent of contracts in a 405-vulnerability benchmark, an estimated $550 million in simulated stolen funds. Read that number from the attacker's chair. A tool that produces a working exploit half the time, at machine speed, across every deployed contract it can reach, is not a research curiosity. It is a standing offense that never rests and costs almost nothing to run.
Now read the same 51 percent from the defender's chair. A security tool that clears half of what it looks at, and quietly misses the other half, is not a safeguard. It is a false sense of coverage with a confidence score attached.
Fighting AI With AI Stacks the Odds Against You
The reflex is to answer an AI offense with an AI defense. Use a model to watch the model. Most products marketed as "AI security" are built on exactly this premise, and the architecture has a structural flaw that no amount of model quality removes.
A probabilistic model generates the system. A second probabilistic model reviews it. The output is a probabilistic verdict. Three layers of estimation, sold as assurance. In a single pass, a language model will confidently clear a real vulnerability and invent one that does not exist, and it reports both in the same even tone. When the thing you are protecting holds real value and runs without a human in the loop, three layers of estimation is not defense in depth. It is defense in hope.
You do not close an asymmetry by adding another probabilistic layer on the side that cannot afford to be wrong. You close it by changing the kind of tool the defense is built on.
Determinism Is What Re-Levels the Fight
The counter to a probabilistic offense is not a better guess. It is a proof.
Deterministic verification establishes what a system can and cannot do, rather than estimating it. Where a probabilistic tool returns a confidence score, a deterministic engine returns a verdict that holds every time it runs, on the same code, for the same reason. That is the property the defender needs and the one the attacker cannot cheaply overwhelm. The attacker's advantage was volume against a defense that sometimes missed. Against a defense that does not miss on the paths it covers, volume buys nothing.
Four techniques carry that weight, and Olympix runs them as tooling in the development pipeline, before code ever ships.
Symbolic execution reasons about entire classes of input at once, exploring the paths through a contract mathematically. It can prove a dangerous state is reachable, or prove that it is not, rather than sampling and hoping the sample was representative.
Fuzzing drives the contract with large volumes of adversarial and malformed input to surface edge-case behavior that ordinary testing never reaches.
Mutation testing checks the test suite itself. It introduces small changes into the code and confirms the tests actually fail in response. This is how you catch the green test suite that proves nothing, the most common way a team believes it is covered when it is not.
IR-level analysis works at the intermediate representation, beneath surface syntax, where behavior is unambiguous and cannot be hidden behind stylistic noise.
There is a sharper version of this. The attacker's edge with AI is that it produces a working exploit, not a hunch. The defense can produce the same kind of artifact first. Olympix runs BugPoCer, which generates a working proof of concept for a vulnerability during development, before deployment, so the team sees the exploit as executable code rather than as a warning to interpret. That is the offense's own move, run by the defense, earlier in the timeline, and grounded in a proof rather than a probability.
None of this is offered against the audit. An audit is necessary and it remains necessary. It is also a point-in-time review of a system that keeps changing, and a point-in-time review cannot answer a continuous, automated offense on its own. Deterministic tooling is what makes the audit more efficient: it clears the mechanical vulnerability classes before the auditor arrives, so expert human time is spent on the logic and the economics that only a human can reason about. The two are a stack, not a choice.
What the Record Shows
Run the deterministic pipeline against last year and the case is concrete rather than theoretical. Backtested across 2025, Olympix tooling would have caught the code-level flaws behind roughly $240 million in losses before deployment, across 48 separate incidents.
The number is worth reading carefully, because what it leaves out is the point. The largest crypto losses of 2025 do not appear in it. A $1.5 billion social-engineering theft, multiple eight-figure private-key compromises, and off-chain failures are all excluded, because none of them is a flaw in the contract and none is something static or dynamic analysis can reach. The $240 million is only the code-level slice: precision and rounding errors, price-manipulation surfaces, broken access control, missing authorization, and logic flaws. Those are the classes with deterministic signatures, and they are exactly what pre-deployment verification is built to rule out before code ships. No tool clears every loss, and this one does not claim to. It claims the part that is provable, and shows it.
Resupply is one line in that record, and it shows why the word deterministic is literal here. In June 2025 the protocol lost $9.56 million after a donation attack on a freshly deployed, empty ERC-4626 vault inflated the vault's share price. The exchange rate was computed as a fixed constant divided by that price, and once the price was pushed high enough the integer division rounded down to zero. Nothing checked that the rate stayed above zero, so the zero flowed straight into the solvency check and made every loan read as fully collateralized. One wei of worthless collateral borrowed out the entire limit, and a $4,000 flash loan became a $9.56 million theft in about ninety minutes.
That is not a subtle, probabilistic risk that a tool might or might not surface on a given pass. It is a provable arithmetic fact with a one-line fix, a check that the exchange rate is greater than zero, and Olympix tooling had already identified that exact finding with that exact mitigation before deployment. The full breakdown is in the Resupply post-mortem.
The Asymmetry Is Not Going Back
Attackers were already handed a probabilistic weapon that gets cheaper and faster every quarter. That is fixed, and it will not reverse on its own. The one variable still in a team's control is what the defense is made of. A probabilistic defense inherits the attacker's math and loses it. A deterministic defense is the only kind that does not degrade the moment the offense scales, because a proof does not care how many times it is attacked.
AI cuts both ways. Determinism is how the defense keeps its edge.
Put Determinism in the Pipeline
The place for deterministic verification is before deployment and inside CI, running on every commit, alongside the audit rather than after it. That is where Olympix runs. Symbolic execution, fuzzing, mutation testing, and working proof-of-concept generation, applied to your contracts as part of the development workflow, so the mechanical vulnerability classes are ruled out before an auditor or an attacker ever sees the code.
The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.
A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!
Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.
Follow-up: Conduct a follow-up review to ensure that the remediation steps were effective and that the smart contract is now secure.
Follow-up: Conduct a follow-up review to ensure that the remediation steps were effective and that the smart contract is now secure.
In Brief
Remitano suffered a $2.7M loss due to a private key compromise.
GAMBL’s recommendation system was exploited.
DAppSocial lost $530K due to a logic vulnerability.
Rocketswap’s private keys were inadvertently deployed on the server.
Hacks
Hacks Analysis
Huobi | Amount Lost: $8M
On September 24th, the Huobi Global exploit on the Ethereum Mainnet resulted in a $8 million loss due to the compromise of private keys. The attacker executed the attack in a single transaction by sending 4,999 ETH to a malicious contract. The attacker then created a second malicious contract and transferred 1,001 ETH to this new contract. Huobi has since confirmed that they have identified the attacker and has extended an offer of a 5% white hat bounty reward if the funds are returned to the exchange.