New artificial intelligence (AI) models have shifted the cybersecurity playing field in favor of attackers, causing a “vulnerability apocalypse” that led to the resurgence in decentralized finance (DeFi) hacks, according to Mitchell Amador, the CEO of bug bounty platform Immunefi.
The proliferation of new AI models, such as Claude Opus 4.8 and ChatGPT 5.5, is the main reason that led to the resurgence in crypto hacks in 2026, Amador told Cointelegraph at the recent WAIB Summit in Monaco.
Hacking activity across the industry surged in April 2026, with illicit actors stealing more than $634 million from cryptocurrency platforms, the highest monthly total since the Bybit hack helped drive losses to roughly $1.4 billion in February 2025, according to DefiLlama data.
Total crypto hacks by monthly sum, all-time chart. Source: DefiLlama
Crypto needs to survive the next three to four years
The next three to four years will be a crucial survival period for the crypto industry, until cybersecurity teams harness the defensive capabilities of these same AI models to build “impregnable” codebases that attackers won’t be able to breach, said Amador.
This timeline could shrink to less than two years if the industry adopted more “crowdsourced security solutions” until cybersecurity researchers turn these AI models to their advantage, he added.
Amador’s comments followed the release of Anthropic’s latest Claude Mythos model, Fable 5, which sparked industry concerns over its potential ability to accelerate cryptocurrency exploits.
Anthropic said on Tuesday that Fable 5 has safeguards that reroute topics such as cybersecurity to a different model, Claude Opus 4.8.
Related: Recovery hopes fade as Kelp DAO hacker launders nearly all $220M in stolen funds
The industry has become increasingly sensitive to security risks after a string of major DeFi exploits renewed concerns about protocol vulnerabilities.
On April 19, an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.
LayerZero said Kelp DAO’s 1/1 decentralized verifier network (DVN) setup created a single point of failure by relying on a single verifier path for cross-chain messages. LayerZero said it had previously advised against that configuration.
Magazine: The legal battle over who can claim DeFi’s stolen millions