Crypto’s AI threat sharpens

Artificial intelligence is lowering the cost of cyberattacks across the digital-asset industry and forcing crypto firms to rethink how they protect users, wallets and transaction systems, according to Ledger chief technology officer Charles Guillemet, whose warning lands as the sector grapples with a fresh cycle of major breaches and more sophisticated fraud.

Guillemet said AI is making hacks “cheaper and faster”, amplifying a security problem that has long shadowed crypto markets even as the industry promotes decentralisation, self-custody and transparent ledgers as strengths. His remarks come at a time when the mechanics of cybercrime are shifting from isolated coding exploits towards more scalable attacks involving social engineering, software supply-chain compromise, credential theft and the targeting of key management systems.

That change in the threat landscape is visible in the data. TRM Labs said illicit actors stole $2.87 billion across nearly 150 hacks in 2025, with infrastructure attacks involving wallets, keys and access-control systems driving the majority of losses, rather than classic smart-contract flaws alone. Chainalysis, in a separate assessment, said more than $2.17 billion had already been stolen from crypto services by mid-2025, with the year on track to become one of the worst on record for service thefts.

One reason security specialists are alarmed is that AI can now accelerate multiple stages of an attack at once. It can help criminals generate more convincing phishing messages, synthetic voices and fake support interactions, automate reconnaissance, and rapidly test malicious code or clone legitimate developer tools. Europol has warned that AI is making cybercrime more scalable and efficient by enabling attack automation, stronger social-engineering campaigns and improved evasion of security controls. Chainalysis has also pointed to a surge in AI-enabled impersonation and fraud tactics across crypto scams.

For crypto, that is especially dangerous because transactions are typically irreversible and users often act as their own final line of defence. A bank customer who authorises a fraudulent transfer may still have recourse through a central institution; a wallet holder who signs a malicious transaction often does not. That places unusual weight on interface design, transaction clarity and device security, areas where firms such as Ledger argue hardware-backed verification and clear signing are becoming more important as attackers industrialise their methods.

The industry’s vulnerability has been underlined by several headline-grabbing breaches. Reuters reported in February 2025 that Bybit lost around $1.5 billion in ether in what became the largest known crypto heist, with the FBI later attributing the theft to North Korea. This week, Drift Protocol confirmed a major exploit that TRM estimated at about $285 million, describing it as the largest DeFi hack of 2026 so far and linking it in preliminary analysis to North Korean actors. These incidents differ in mechanics, but both reinforce the central lesson that operational security and access control have become critical weak points.

That does not mean AI is only a weapon for attackers. Security firms and blockchain investigators are also using machine learning to detect suspicious wallet behaviour, identify scam patterns and flag high-risk transactions faster than manual systems can manage. Chainalysis has argued that AI-based fraud detection can help identify scammers in real time, while crypto companies are investing more heavily in anomaly detection, transaction simulation, stricter authentication layers and device-level confirmation tools.

Still, the race is uneven. Large exchanges and custodians can spend heavily on security engineering, external audits and incident response, while smaller protocols often move quickly, rely on open-source software and compete on user growth, creating incentives that can leave defences lagging behind innovation. The pace of product launches in decentralised finance, cross-chain bridges and wallet tooling has repeatedly outstripped the sector’s ability to standardise security practices.

Guillemet’s warning therefore speaks to a wider debate in crypto: whether the sector can preserve its open, permissionless character while building stronger protections against a more automated criminal ecosystem. Security specialists increasingly argue that the answer lies not in a single fix, but in layered defences — hardened key storage, better code hygiene, limits on privileged access, more transparent signing prompts, stronger employee controls and systems designed on the assumption that phishing, impersonation and software compromise will keep improving.