The AI security arms race
AI has fundamentally changed the security landscape of crypto, putting sophisticated attack tools that were once exclusive to defenders into the hands of hackers. Mitchell Amador, CEO of Immunefi, explained during Token2049 in Singapore that vulnerability discovery has become almost instantaneous exploitation. The advanced audit tools his company has developed are no longer exclusive to security teams.
“If we have that, can the North Korean group Lazarus build similar tools?” Amador asked. “The answer is that they can.” This creates a disturbing symmetry in which well-funded hacking operations now have access to capabilities that surpass those of most traditional audit firms.
Social engineering becomes a mass market
Perhaps more worrying is how AI has made sophisticated social engineering attacks incredibly cheap. Amador highlighted AI-generated phishing calls that can impersonate colleagues with disturbing accuracy. “You can run it for money with a well-thought-out prompt system, and you can run them en masse. That is the frightening part of AI.”
The scale of organized hacking operations is staggering. Groups like Lazarus probably employ “at least a few hundred guys, if not probably thousands of people working 24 hours a day” on crypto exploits as a major source of income for North Korea's economy. Recent intelligence reports have noted that competitive pressure from annual revenue quotas is pushing operatives to protect individual assets rather than coordinate security improvements.
Bug bounties have reached their limits
Immunefi has facilitated more than $100 million in payouts to white-hat hackers, but Amador told Decrypt that the platform has “reached the limits” because there are not enough “eyeballs” to provide the coverage the industry needs. The constraint is not only researcher availability: bug bounties face a zero-sum game problem that creates perverse incentives for both parties.
Researchers must disclose vulnerabilities to prove they exist, but they lose all leverage once a bug is disclosed. Immunefi mitigates this by negotiating complete contracts that specify everything before disclosure takes place. Dmytro Matviiv, CEO of HackenProof, offered a more optimistic view, noting that new researchers join platforms every year and quickly progress from simple findings to complex vulnerabilities.
The attack surface expands beyond the code
While smart contract security has matured, the most devastating exploits increasingly bypass the code entirely. The $1.4 billion hack earlier this year highlighted this shift: the attackers compromised front-end infrastructure to replace legitimate multi-sig transactions rather than exploiting a smart contract vulnerability.
“It was not something that would have been caught by an audit or a bug bounty,” said Amador. “It was an internal infrastructure compromise.” Despite improvements in traditional security areas, the industry “is not so hot” on multi-sig security, spear phishing, anti-scam measures and community protection.
Immunefi launched a multi-sig security product that assigns elite white-hat hackers to manually review each significant transaction before execution, which would have caught the Bybit attack. But Amador admitted that it is a reactive rather than a preventive measure.
Early detection becomes critical
Effective security requires catching vulnerabilities as early as possible in the development process. Amador described a cost hierarchy that rises sharply at each stage: “Bug bounty is the second most expensive, the most expensive being the hack.”
Immunefi's response has been to integrate AI directly into developers' GitHub repositories and CI/CD pipelines, catching vulnerabilities before the code reaches production. Amador predicts that this approach will trigger a “precipitous drop” in DeFi hacks within one to two years, potentially reducing incidents by another order of magnitude.
While hack severity remains high, Amador noted that “the incidence rate is dropping, the severity level of most bugs is dropping, and we are catching more and more of these things at earlier stages of the cycle.”
Asked what single security measure every project should adopt, Amador called for a “unified security platform” covering multiple attack vectors. Fragmented security essentially forces projects to “do your own research” on products, limitations and workflows.
“We are not yet at the point where we can manage billions and billions and billions of assets,” Amador concluded. “We are just not quite there at present.” The industry continues its uneven progress, with 2024 becoming the worst year for hacks despite improving code security, as hacking patterns follow predictable mathematical distributions that make incidents inevitable rather than random.