Nearly 100% of recent DeFi attacks involved AI, according to Carjuzaa.
Today, an auditor is not so relevant, but passing the code through AI tools, points out Carjuzaa.
«I think that in the coming months this is going to hit very hard and we are going to see it in governments of third world countries, hospitals, armies, police stations, SMEs, it is going to be wild. And this possibly comes with a new wave of ransomware. This is how Maximiliano Carjuzaa, co-founder of Money On Chain (MOC), described the increase in hacks and attacks using artificial intelligence (AI) that he projects for the near future, particularly with Mythos, a new AI model developed by Anthropic.
In an exclusive interview with CriptoNoticias, carried out on May 23 within the framework of Bitcoin Week in Uruguay, Carjuzaa’s warning comes after April recorded at least 34 hacks that resulted in losses of approximately USD 635 milliona figure that at the end of that month represented almost 80% of all stolen funds in 2026.
Carjuzaa places AI as the dominant factor behind this acceleration:
I believe that close to 100% of the attacks that we have seen in the last two months are carried out using AI to a greater and lesser extent, either to discover how to attack, to code the smart contract or the transaction that will be the attack.
Maximiliano Carjuzaa, co-founder of Money On Chain.
Carjuzaa added a dimension about the scope of the risk of Anthropic’s new model: “Mythos has found thousands of zero-day vulnerabilities in browsers, operating systems, so it is not DeFi that is exposed, It is the world that is exposed”. A zero-day vulnerability is a flaw unknown to the manufacturer of the affected software, meaning that no patch is available at the time it is discovered or exploited.
However, unlike what happened with Anthropic’s Mythos, which the company released in a trial version to a few companies (Google, JPMorgan, Microsoft, among others), Carjuzaa maintained that “what happened in April is that artificial intelligence (the rest of the models from Anthropic, OpenAI, Gemini, Grok, among others), being available to everyone, caught most of the projects off guard… The developers did not have any room for maneuver for the things they already had deployed.”
The failure that five audits did not see
The AI is not only on the attack side. Carjuzaa also reported that it was precisely a tool of this type that found a vulnerability in MOC that had survived five human safety audits and seven years of production.
The attack could be done on a part of the software that had passed five audits, that had been in production for 5 years, that had been reviewed by thousands of hackers… and when we found it it was a thing of, no, we couldn’t believe that the AI would have had the capacity to do the 5,500 turns in the air that had to be done.
Maximiliano Carjuzaa, co-founder of Money On Chain.
The vulnerability in question was not exploitable under normal conditions, said Carjuzaa, who also estimated that the probability of the conditions occurring needed was one in ten million.
The entire process, from detection to full diagnosis, took about a minute with an OpenAI AI tool and smart contract development system:
You can do that in a minute by downloading the tool and saying, ‘Look at this repository to see where I can attack it.’ And in a minute you have the report on how, what conditions have to be met and how to carry out the attack.
Maximiliano Carjuzaa, co-founder of Money On Chain.
After the discovery, the team stopped the protocol for the first time in seven years, doing so for security reasons, publicly reported what happened, corrected the flaw and relaunched the system. MOC is a decentralized finance (DeFi) protocol built on Rootstock (RSK), the sidechain of Bitcoin.
Time as the only real indicator of security
MOC’s experience led Carjuzaa to reformulate the audit equation of its protocol. «Before, the protocols out there spent more money on auditing than on development. Today that equation changes completely. Today it is no longer so relevant that you have an auditor who looks at your code, but rather that you have passed the code through all those artificial intelligence tools«.
The team’s time looking at how we can break the project versus the time we spend building it should be 9 to 1.
Maximiliano Carjuzaa, co-founder of Money On Chain.
And even with the tools available, the co-founder of MOC maintains that the most reliable security indicator continues to be the time under real exposure: «What gives the most security to a protocol is time. When you had software running for months, years, where you already know that everyone tried to throw everything at it and couldn’t break it, well, okay, in that protocol it says that you can trust.
The tension that the set leaves open is the same one that runs through the entire ecosystem: the tools that allow security teams to find their own flaws before being attacked are the same ones that attackers already use. The speed of adoption on both sides is, for now, the variable that defines who arrives first.