Two AI-Aided Hacks Drained $600M from Crypto Platforms in April, Putting $130B Sector on Edge

Ryan Matsuda, May 15, 2026

  • Two AI-aided crypto hacks netted attackers nearly $600 million combined in April 2026, occurring roughly two weeks apart.
  • One affected platform failed in the aftermath; another saw a major investor exodus following the breach.
  • The two incidents have refocused attention on systemic risk across the broader $130 billion crypto sector, per Bloomberg’s reporting.
  • The story was published by Bloomberg on May 15, 2026 and follows public warnings from Chainalysis and CertiK earlier this year that AI-augmented vulnerability discovery is shortening exploit timelines.

What Happened

Two separate cryptocurrency platform breaches in April 2026, occurring just over two weeks apart, netted attackers a combined total of nearly $600 million, with both intrusions attributed in part to AI-augmented attack tooling, according to Bloomberg’s reporting on May 15, 2026. The incidents triggered an investor exodus from one major platform and pushed another into failure. Bloomberg’s framing places the current wave in a different category from prior crypto-hack cycles by attributing the intrusions to AI-assisted attack tooling rather than traditional manual reverse-engineering of smart contracts.

Why It Matters

Crypto hacks at this scale have happened in every prior cycle of the industry’s history; the Mt. Gox, Coincheck, FTX, and Ronin Bridge incidents each surpassed $400 million in losses. What changes in the current wave is the input cost on the attacker side. AI-augmented vulnerability scanning compresses what previously required weeks of manual smart-contract auditing into hours. The $130 billion sector figure used in Bloomberg’s headline reflects the addressable assets-under-custody at risk if attack patterns scale.

Bloomberg’s account follows public warnings from CertiK, Chainalysis, and Halborn earlier this year that AI-augmented vulnerability discovery is shortening the time between protocol deployment and exploit by orders of magnitude. The implications for protocol design are concrete: defenders must now assume AI-augmented offense as a baseline, not an exception, when sizing audit budgets and incident-response capacity.

Technical Details

Bloomberg’s reporting indicates the April attacks occurred approximately two weeks apart and netted “almost $600 million” combined. The reporting does not name the specific large-language-model providers, agentic frameworks, or vulnerability-scanning tools the attackers used, nor does it detail which of the major exploit categories — smart-contract bug, key-management compromise, oracle manipulation, or governance-attack vector — applied to each incident. One affected platform was reported to have failed entirely in the aftermath; the second saw a withdrawal cascade that reduced its custodied assets materially.

Attribution of “AI-augmented” attack tooling typically refers to one or more of: large-language-model-based code analysis to find vulnerabilities in deployed contracts, AI-driven fuzz testing to discover edge-case state machines, or LLM-assisted social-engineering campaigns targeting protocol developers and operators. Bloomberg’s summary did not disaggregate which specific pattern applied.

Who’s Affected

Users of the two breached platforms were the immediate losers, with on-chain stolen-asset trackers like CertiK Skynet, PeckShield, and Chainalysis Reactor expected to publish recovery and laundering routes in the coming weeks. Centralized exchanges, custodians, and DeFi protocols across the sector face renewed scrutiny from auditors and insurance underwriters; expect insurance premiums for protocol coverage to widen materially in the next quoting cycle. Regulators including the SEC, CFTC, and the European Securities and Markets Authority are likely to cite the incidents in upcoming guidance on operational-risk capital requirements for crypto-asset service providers.

What’s Next

The $130 billion sector figure understates the full sector capitalization but matches the segment Bloomberg flagged as exposed to similar attack vectors. Affected platforms have not publicly identified the specific AI tooling used by attackers, which limits defensive responses to general hardening rather than vendor-specific controls. The next quarterly threat report from Chainalysis is expected to include attribution and dollar-value tallies for the two April incidents. Any AI-defense vendor — Trail of Bits, OpenZeppelin, Halborn, CertiK — that publishes a credible AI-vs-AI defense methodology in the coming months will likely capture significant audit-spend share.
