Artificial intelligence is driving down the cost and difficulty of cyberattacks on crypto platforms, Ledger CTO Charles Guillemet said.
Hacks and exploits caused $1.4 billion in crypto losses over the past year, and AI will likely make it worse.
AI-generated code and increasingly sophisticated malware demand a shift toward formal verification, hardware-based security and offline storage, Guillemet said, and users should assume many systems will eventually fail.
“Finding vulnerabilities and exploiting them becomes really, really easy,” Guillemet told CoinDesk in an interview. “The cost is going down to zero.”
His remarks come as crypto heists are in the headlines again. Just this week, Solana-based decentralized finance protocol Drift was exploited, with attackers draining $285 million worth of digital assets. It is one of the most severe exploits of the year so far. A week before that, an attack on yield protocol Resolv led to $25 million in losses.
Altogether, over $1.4 billion in assets were stolen or lost in crypto attacks over the past year, according to data from DefiLlama.
From asymmetry to arms race
Security has long relied on an imbalance: it should be harder and more expensive to hack a system than the potential reward.
But AI is eroding that advantage. Tasks that once took skilled researchers months, like reverse engineering software or chaining exploits, can now be done in seconds with the right prompts.
For crypto, where code often controls large pools of funds, that shift raises the stakes.
“You need to be perfect,” Guillemet warned teams developing blockchain protocols.
The problem is compounded by AI-generated code. As more developers rely on AI tools, vulnerabilities could spread faster.
“There is no ‘make it secure’ button,” he said. “We are going to produce a lot of code that will be insecure by design.”
Raising the security bar
For crypto protocols, that means rethinking security from the ground up.
Guillemet pointed to formal verification — using mathematical proofs to validate code — as a stronger approach than traditional audits, which may miss bugs.
Hardware-based security is another layer, he said. Devices like hardware wallets isolate private keys from internet-connected systems, reducing exposure.
“When you have a dedicated device not exposed to the internet, it is more secure by design,” he said.
That approach is becoming more relevant as malware grows more advanced. Guillemet described attacks that scan compromised phones for wallet seed phrases, allowing hackers to drain funds without user interaction.
For average crypto users, Guillemet’s message is blunt: assume systems can and will fail.
“You can’t trust most of the systems that you use,” Guillemet said.
That could push more users toward cold storage, stronger operational security and keeping sensitive data offline. Even then, risks extend beyond software, including physical attacks targeting crypto holders.
Guillemet expects a divide ahead. Critical systems like wallets and protocols will invest heavily in security and adapt. But much of the broader software ecosystem may struggle to keep up.