Token approvals often accumulate unnoticed over time, creating potential exposure if previously trusted contracts become compromised.
Anthropic is reportedly set to release a public version of its Mythos AI model, and crypto analyst The DeFi Investor is urging decentralized finance users to act before that happens.
The concern is based on how good Mythos is at finding software vulnerabilities, and a version of it becoming widely accessible could accelerate the speed at which attackers discover and exploit weaknesses in DeFi protocols.
What the DeFi Community Needs to Do
In a June 9 post on X, The DeFi Investor advised followers to revoke all token approvals, use only heavily audited dApps, and spread funds across several wallets to reduce single points of failure.
For those who are not familiar, token approvals are permissions that users give to smart contracts, allowing the contracts to spend tokens on their behalf. They tend to accumulate silently over time, and they represent a standing attack surface if any approved contract is later found to be vulnerable.
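To make the accumulation concrete, here is an added example (not from the original article or any project it names) that replays ERC-20 `Approval` event logs and lists the approvals a wallet still has outstanding. The log entries, addresses and the "unlimited" threshold are constructed assumptions; the input shape follows the standard `eth_getLogs` JSON-RPC result.

```python
# Added example: replay ERC-20 Approval logs to list approvals still standing.
# Topic0 is keccak256("Approval(address,address,uint256)").
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: values this large are treated as "unlimited"

def topic_to_address(topic):
    # An indexed address is left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def standing_approvals(logs, owner):
    """Last non-zero Approval value per (token, spender) for `owner`.
    This is the last approved amount, not the remaining allowance: transferFrom
    can reduce it without a new event, so confirm with allowance() on chain.
    """
    latest = {}
    order = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=order):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but carries 4 topics (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)
    return [{"token": t, "spender": s, "value": v, "unlimited": v >= UNLIMITED_FLOOR}
            for (t, s), v in sorted(latest.items()) if v > 0]

def make_log(token, topics, value, block, index):
    # Build a log dict shaped like an eth_getLogs result (hex strings).
    padded = [APPROVAL_TOPIC] + ["0x" + a[2:].rjust(64, "0") for a in topics]
    data = "0x" if value is None else "0x" + format(value, "064x")
    return {"address": token, "topics": padded, "data": data,
            "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed sample data: none of these addresses refer to real contracts.
OWNER, OTHER = "0x" + "aa" * 20, "0x" + "cc" * 20
TOKEN_1, TOKEN_2, NFT = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SPENDER_1, SPENDER_2 = "0x" + "b1" * 20, "0x" + "b2" * 20
SAMPLE_LOGS = [
    make_log(TOKEN_1, [OWNER, SPENDER_1], 2**256 - 1, 100, 0),  # unlimited, never revoked
    make_log(TOKEN_1, [OWNER, SPENDER_2], 500, 101, 3),
    make_log(TOKEN_2, [OWNER, SPENDER_1], 1000, 120, 1),
    make_log(NFT, [OWNER, SPENDER_1, "0x07"], None, 130, 0),     # ERC-721, skipped
    make_log(TOKEN_1, [OTHER, SPENDER_1], 42, 140, 2),           # another owner, skipped
    make_log(TOKEN_1, [OWNER, SPENDER_2], 0, 150, 0),            # revocation
]
if __name__ == "__main__":
    for row in standing_approvals(SAMPLE_LOGS, OWNER):
        print(row)
```

Each row that remains is a candidate for revocation, which for an ERC-20 token means calling `approve(spender, 0)` from the owning wallet.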
“What’s scary about Mythos is that it’s insanely good at finding severe vulnerabilities,” wrote The DeFi Investor. “Claude Opus 4.8 has also recently identified a critical bug for Zcash, and Mythos is supposed to be even better than Opus 4.8.”
They added that DeFi will face a huge stress test in the next few months, and indeed, the Zcash vulnerability they mentioned gave a concrete illustration of this.
The privacy coin lost more than 35% of its value in one day after a security researcher using AI discovered a bug in its shielded Orchard pool that would have allowed bad actors to endlessly mint new ZEC tokens. The episode saw big-time crypto investor Arthur Hayes exit his entire ZEC position, as uncertainty mounted over whether anyone might have already exploited the flaw.
Mythos has been restricted since April to about 50 organizations, including Amazon, Apple, Google, and Microsoft, through an Anthropic initiative known as Project Glasswing, in an attempt to put the model’s capabilities to work for defensive purposes. According to Bloomberg, Anthropic plans to expand that circle by 150 more organizations across 15 countries.
However, multiple sources, including TFTC and journalist Alex Heath, have claimed that the public version of Mythos will carry “substantial guardrails” and will not be as permissive as what Project Glasswing partners can access.
A Debate DeFi Was Already Having
The DeFi Investor’s security tips have come at a time when a conversation has been building around the viability of decentralized finance.
In late May, OpenZeppelin co-founder Manuel Aráoz declared “all of DeFi unsafe” and said he had advised people to exit positions in major protocols, including Aave, MakerDAO, and Compound. His reasoning was that AI has tilted the security balance so far toward attackers that no protocol can currently be trusted to safely hold users’ funds.
Many crypto projects have indeed been hit in the last few months, including attacks on KelpDAO and Drift Protocol in April, which led to the loss of more than $570 million combined. More recently, hackers reportedly siphoned at least $30 million worth of Humanity Protocol’s H token from 17 wallets.
However, according to Aave Chan Initiative founder Mark Zeller, the fears about AI have been overblown, with fewer than 10% of DeFi security failures in the past year having been caused by code-level vulnerabilities.
Anthropic’s own position, per Bloomberg, is that in the long run, AI will favor defenders, but “the transitional period will be fraught.”
