Ten years ago, a crypto exploit required a rare set of skills.
You needed deep Solidity instincts, a working knowledge of bridge architecture and enough patience to trace months of on-chain activity. In 2026, a frontier language model can do the first two in an afternoon and a motivated attacker can buy the third.
The $292 million Kelp DAO drain this weekend is the latest reminder that the economics of attacking crypto have changed, and the defenders are still catching up.
The Kelp DAO Hack Was Just The Warning Shot
The Kelp exploit is not the story on its own.
The story is the shape of it. An attacker identified a narrow validation gap in how Kelp's LayerZero bridge handled cross-chain messages, forged a packet, extracted 116,500 rsETH and then moved the proceeds into Aave (AAVE) V3 to borrow against them.
The whole sequence played out in under an hour. The skill curve that separates a novice from the attacker who pulled this off used to take years to climb. Today, a capable model running inside a security research harness can surface that class of bug within a single testing session.
How AI Is Collapsing The Cost Of A Crypto Exploit
Charles Guillemet, Ledger's chief technology officer, put the trend in plain numbers earlier this month. Crypto lost roughly $1.4 billion to hacks and exploits over the past year, and he expects the figure to rise as AI tooling gets cheaper.
The reason is not mystical. Offensive tooling has always been one of the fastest adopters of new technology. A large language model that can read Solidity, simulate edge cases and generate working exploit code shrinks the preparation phase of an attack from weeks to hours. Pair it with agentic automation and a single attacker can probe dozens of protocols in parallel.
On the trading side the asymmetry is even more stark.
AI-powered trading bots reportedly account for 58% of crypto market volume in early 2026. That means the counterparty on the other side of most human trades is already a machine, which quietly changes what a "normal" market looks like and makes any honeypot or spoofing attack substantially more lucrative.
The Hidden LLM Router Problem Draining Wallets
CoinDesk's researchers flagged a second, quieter attack vector earlier this month that most users have never heard of. LLM routers are the services that sit between a consumer application and the actual model doing the work.
They pick which model handles which request and log the outputs. Researchers documented 26 routers secretly injecting malicious tool calls into agent flows, and one case drained $500,000 from a single client wallet. The attack requires no smart contract bug at all. The router just rewrites what the agent is told to do.
That matters because the new generation of agent wallets, including Coinbase's Agentic Wallets and Supra's Life OS, rely on trusted routing for almost every meaningful action. A compromised router can turn a helpful shopping agent into a quiet drain. Users never see the substitution because the agent obediently reports that the action succeeded.
What Ledger, Anthropic And Coinbase Are Building To Fight Back
The defensive response is forming on three layers. Ledger is pushing the problem down to hardware. The company announced a new AI-focused security suite that keeps signing authority on a physical device and forces every agent action through a human-readable prompt before any transaction is broadcast.
Anthropic spent part of April running red-team exercises on the agent-to-exchange surface, with its researchers warning that the real AI risk is not models going rogue but models being quietly manipulated at the exchange API layer.
Coinbase baked programmable spending caps, session limits and guardrailed tool libraries directly into its Agentic Wallets product, with private keys kept inside Coinbase infrastructure rather than handed to the agent.
None of this is a silver bullet. Hardware signing assumes the user reads the prompt. Red-team exercises only catch the attacks you already thought of. And Coinbase's guardrails only help if the agent is actually running through Coinbase's stack. The honest summary is that 2026 is the year the crypto industry stops pretending AI is just a product category and starts treating it as a threat model.
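The spending caps, session limits and guardrailed tool library described above, combined with a check for the router rewriting described earlier, as an added Python example that is not code from Coinbase, Ledger or any other vendor named here. The class, tool names, addresses and limits are hypothetical, and it assumes the user's intent is recorded locally before the request reaches any router.

```python
from dataclasses import dataclass
from decimal import Decimal

# Hypothetical guard; every tool name, address and limit below is constructed.
@dataclass
class SessionGuard:
    """Runs beside the signer, so a router cannot edit its policy or state."""
    allowed_tools: frozenset
    allowed_recipients: frozenset
    per_tx_cap: Decimal
    session_cap: Decimal
    spent: Decimal = Decimal("0")

    def check(self, call, intent):
        """Return 'ok' or the reason a router-delivered tool call is refused."""
        verdict = self._evaluate(call, intent)
        if verdict == "ok":  # only approved spend counts against the session
            self.spent += Decimal(str(call["args"]["amount"]))
        return verdict

    def _evaluate(self, call, intent):
        if call.get("tool") not in self.allowed_tools:
            return "tool not in guardrailed library"
        try:
            to = call["args"]["to"]
            amount = Decimal(str(call["args"]["amount"]))
        except (KeyError, TypeError, ArithmeticError):
            return "malformed arguments"
        if not isinstance(to, str) or not amount.is_finite() or amount <= 0:
            return "malformed arguments"
        if to not in self.allowed_recipients:
            return "recipient not allowlisted"
        # intent was captured from the user locally, before any router saw it
        if to != intent["to"] or amount > Decimal(intent["max_amount"]):
            return "does not match user intent"
        if amount > self.per_tx_cap:
            return "per-transaction cap exceeded"
        if self.spent + amount > self.session_cap:
            return "session cap exceeded"
        return "ok"

def demo():
    guard = SessionGuard(frozenset({"transfer"}),
        frozenset({"0xMERCHANT", "0xEXCHANGE"}), Decimal("50"), Decimal("60"))
    intent = {"to": "0xMERCHANT", "max_amount": "40"}
    calls = [("transfer", "0xMERCHANT", "40"), ("transfer", "0xATTACKER", "40"),
             ("approve_all", "0xMERCHANT", "1"), ("transfer", "0xEXCHANGE", "40"),
             ("transfer", "0xMERCHANT", "40")]
    return [guard.check({"tool": t, "args": {"to": r, "amount": a}}, intent)
            for t, r, a in calls]
```

The refusal reason comes from the guard rather than from the agent's own report, which is the part a rewriting router controls.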
The Kelp DAO drain will be investigated and the funds might partially come back.
The question Monday's open raises is whether the other LayerZero-secured bridges in DeFi have already been probed by an AI-assisted attacker and just haven't fired yet. Every protocol running cross-chain messaging is on that list.