Jun 4, 2026 · 11:08 PM

AI hacking is turning DeFi security into a balance sheet risk

Google's latest AI-assisted zero-day warning lands at a difficult moment for DeFi after the $292 million KelpDAO bridge exploit. The issue is no longer only smart-contract code, but whether bridges, verifiers, audits and insurance can keep up with faster attackers.

Elroy Fernandes

AI-assisted hacking is no longer a distant threat for crypto. It is arriving just as DeFi is trying to convince bigger pools of capital that its infrastructure can be trusted.

DeFi has spent years arguing that code can replace middlemen. The harder question now is whether that code, and the infrastructure around it, can survive attackers using artificial intelligence to move faster, find stranger weaknesses and pressure systems that were never designed for this pace.

That is why the latest warning from Google matters well beyond the cybersecurity industry. Google Threat Intelligence Group said this week that it found what it believes was an AI-assisted zero-day exploit aimed at bypassing two-factor authentication in a popular open-source web administration tool. The company said the planned mass exploitation was disrupted before it could be used widely, but the signal is clear enough. Attackers are no longer just using AI to write phishing emails or polish malware. They are using it to help find and weaponize flaws.

For a DeFi sector with roughly $130 billion to $140 billion in total value locked, that changes the risk calculation. As Bloomberg recently noted, AI-assisted hacking is becoming a systemic concern for crypto, not just another operational headache. The market has already seen what happens when sophisticated attackers go after the parts of crypto that sit outside the audited smart contract.

On April 18, attackers that Chainalysis and LayerZero reporting linked to North Korea's Lazarus Group stole about 116,500 rsETH from KelpDAO's LayerZero bridge, worth roughly $292 million at the time. The important detail is that this was not a simple smart-contract bug. Chainalysis described it as an attack on off-chain infrastructure: compromised RPC nodes and a denial-of-service attack helped feed false data to a single-verifier setup, so the verifier attested to a cross-chain message that had never actually happened on the source chain.

That distinction matters because much of DeFi security is still marketed around audits, formal verification and bug bounties focused on contracts. Those tools are useful. They are not enough. In the KelpDAO case, the on-chain transactions appeared valid because the system had been given a false picture of what happened on another chain. The bridge did what it was told to do. The problem was that the message itself was wrong.

LayerZero said the incident was isolated to KelpDAO's rsETH configuration and pointed to the use of a 1-of-1 Decentralized Verifier Network setup. In a 1-of-1 configuration a single verifier's attestation is enough for the destination chain to act, so whoever can corrupt that verifier's view of the source chain can forge a message. LayerZero also said multi-DVN redundancy was the recommended configuration. That may be true, but it does not fully solve the market problem. If a bridge can hold hundreds of millions of dollars while depending on a narrow trust assumption, users and institutions will ask why that assumption was allowed to become so large in the first place.

This is the uncomfortable part for DeFi. The sector often talks about decentralization as if it is a property of the whole system. In practice, many protocols depend on hosted nodes, external providers, admin dashboards, bridges, oracles, monitoring tools and private operational processes. AI does not need to break the strongest part of the stack. It only needs to help attackers find the part where a human team made a reasonable shortcut under pressure.

Security spending has to change

The obvious response is bigger security budgets, but the money has to go into the right places. Another audit of the same smart contracts may not catch an attack on message verification, cloud permissions or failover logic. Protocols need continuous cross-chain monitoring, independent verifiers, realistic incident drills and infrastructure reviews that treat off-chain components as part of the product rather than back-office plumbing.

Insurance will also face a harder test. DeFi cover products can work when risks are bounded and clearly defined. AI-speed adversaries make that harder because the loss path may run through a vendor, a bridge configuration, a compromised node or a governance process. If policies exclude too much, users will not trust them. If they include too much without better pricing, insurers will not survive the next major exploit.

Institutional capital will be even less patient. A hedge fund or asset manager may accept smart-contract risk if it can be measured, capped and diversified. It is much harder to sell exposure to a system where a single poisoned data source can turn a valid transaction into a $292 million loss. This is where AI becomes a business issue, not just a technical one. It raises the expected cost of attack while compressing the time defenders have to react.

There is a practical lesson here for founders and protocol teams. Security can no longer be treated as a launch milestone. It has to be an operating model. Bridges need multiple independent checks by default. Admin tools need aggressive hardening. Emergency controls need clear governance before the emergency arrives. Monitoring has to watch whether economic invariants still hold, not just whether a transaction passed validation.
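To make the two technical points above concrete, the 1-of-1 verifier problem and the "watch economic invariants, not just validation" point, here is a toy bridge model written for this article. It is an added illustration, not code from the page, from LayerZero's DVN protocol or from KelpDAO. It assumes a simplified failure mode in which a compromised verifier reads a poisoned copy of the source chain (standing in for the compromised RPC nodes described above); the chain, verifier and message types, and the names dvn0..dvnN, are invented for the example.

```python
"""Toy model of a cross-chain bridge with an M-of-N verifier quorum.

Constructed for illustration: the chains, verifiers and messages are
in-memory stand-ins, not LayerZero's DVN protocol or KelpDAO's contracts.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class BridgeMessage:
    """A "tokens were locked on the source chain, mint on destination" message."""
    nonce: int
    recipient: str
    amount: int


@dataclass
class SourceChain:
    """Stand-in for the chain where tokens are locked before bridging."""
    locked: int = 0
    sent: Dict[int, BridgeMessage] = field(default_factory=dict)

    def lock_and_send(self, nonce: int, recipient: str, amount: int) -> BridgeMessage:
        msg = BridgeMessage(nonce, recipient, amount)
        self.locked += amount
        self.sent[nonce] = msg
        return msg


class Verifier:
    """Attests that a message really exists on the source chain.

    A verifier only knows what its RPC view tells it: honest verifiers read the
    real chain state, a compromised one reads a poisoned copy (the assumed
    failure mode here, modelled on the article's description of compromised
    RPC nodes feeding false data to the verifier).
    """
    def __init__(self, name: str, view: Dict[int, BridgeMessage]):
        self.name = name
        self.view = view

    def attest(self, msg: BridgeMessage) -> bool:
        return self.view.get(msg.nonce) == msg


class DestinationChain:
    """Mints only when at least `required` of the configured verifiers attest."""
    def __init__(self, verifiers: List[Verifier], required: int):
        if not 1 <= required <= len(verifiers):
            raise ValueError("required must be between 1 and the number of verifiers")
        self.verifiers = verifiers
        self.required = required
        self.minted = 0
        self.delivered: Set[int] = set()

    def deliver(self, msg: BridgeMessage) -> str:
        if msg.nonce in self.delivered:
            return "rejected: replay"
        attesting = [v.name for v in self.verifiers if v.attest(msg)]
        if len(attesting) < self.required:
            return f"rejected: {len(attesting)}/{self.required} attestations"
        self.minted += msg.amount
        self.delivered.add(msg.nonce)
        return "delivered"


def supply_invariant_holds(src: SourceChain, dst: DestinationChain) -> bool:
    """Economic invariant a monitor should watch: nothing mints beyond what was locked."""
    return dst.minted <= src.locked


def simulate(num_verifiers: int, required: int, compromised: int) -> Tuple[str, bool]:
    """Run one honest transfer, then an attacker's forged message.

    The first `compromised` verifiers are fed a poisoned source-chain view that
    contains the forged message. Returns the bridge's verdict on the forged
    message and whether the supply invariant still holds afterwards.
    """
    src = SourceChain()
    honest = src.lock_and_send(nonce=1, recipient="alice", amount=100)

    # The attacker locked nothing; the forged message exists only in the poisoned view.
    forged = BridgeMessage(nonce=2, recipient="attacker", amount=116_500)
    poisoned_view = dict(src.sent)
    poisoned_view[forged.nonce] = forged

    verifiers = [
        Verifier(f"dvn{i}", poisoned_view if i < compromised else src.sent)
        for i in range(num_verifiers)
    ]
    dst = DestinationChain(verifiers, required)

    assert dst.deliver(honest) == "delivered"  # a legitimate transfer always passes
    verdict = dst.deliver(forged)
    return verdict, supply_invariant_holds(src, dst)


if __name__ == "__main__":
    for n, m, c in [(1, 1, 1), (3, 2, 1), (3, 2, 2), (5, 3, 2)]:
        print(f"{m}-of-{n} with {c} compromised: {simulate(n, m, c)}")
```

The 1-of-1 run delivers the forged message and breaks the invariant; 2-of-3 with one poisoned verifier rejects it; 2-of-3 with two poisoned verifiers delivers it again. The quorum therefore only buys safety if the verifiers are genuinely independent (different operators, different RPC providers, different failure domains), which is the point behind "independent verifiers" above. The invariant check is the monitoring hook: every transaction in the 1-of-1 run passed validation, yet minted supply exceeds locked supply immediately afterwards, which is a signal a contract-level validator will never raise.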

None of this means DeFi is finished. It does mean the sector is entering a more expensive phase of maturity. The protocols that survive will be the ones that make security visible, boring and continuous. The ones that keep relying on thin assumptions while asking users to trust billions of dollars to them will discover that AI does not have to be brilliant to be dangerous. It only has to be fast enough to find the weakness first.


Elroy is a digital marketer and developer from Goa with over a decade of experience in web development and marketing. He has been associated with several startups and currently serves as an Editor at Asia Pacific Industrial magazine. He occasionally writes on Startup Fortune about technology and automation.