Here’s what Claude Fable 5 means for crypto and DeFi

However, the two largest incidents were not simple smart-contract exploits of the type AI could engineer.

In one, a North Korea-linked group drained about $285 million from Drift Protocol after a six-month social-engineering campaign that won it admin access. For the other, the attacker exploited a single-verifier flaw that allowed roughly $292 million to be siphoned from Kelp DAO.

Another example hit on Tuesday, when Humanity Protocol, a decentralized human-identity service, lost over $30 million to a private-key compromise. CoinDesk found that a hacker gained access to three out of six private keys on one employee’s laptop,

Therein is the problem. While the most obvious smart-contract prompts may be exactly the ones Anthropic’s filters are designed to catch, the largest losses have not needed a contract bug.

The exploits, Ledger’s Guillemet noted, come from familiar weak points: social engineering, bad signing flows, exposed keys and human error.

A model like Fable does not need to hand over a finished exploit to change the economics of an attack. It can read public repositories, compare old versions of software, summarize audit reports and draft convincing messages that look for the small operational mistakes humans miss.

“These exploits remain rooted in social engineering and human error. “

A defender, in such an environment, has to secure every key path, every dependency, every signing flow and every privileged account. Because AI accelerates the scouting phase, the final signing step becomes more important. Private keys need to sit somewhere a compromised laptop cannot reach, and users need a trusted screen that shows what they are actually approving.