Last week, artificial intelligence was blamed for writing buggy crypto software. This week, it was credited with finding a bug before it could be exploited.

Octane Security, a self-described “AI-native security firm,” said on Wednesday its AI tool found a high-severity bug in Nethermind, software that runs the Ethereum blockchain. Nethermind fixed the bug before it could be exploited, Octane said.

Nearly 40% of Ethereum validators use Nethermind, and an exploit could have caused them to miss blocks, affecting Ethereum’s liveness and availability.

“This is one of the highest-stakes demonstrations yet of AI-led vulnerability research,” Giovanni Vignone, founder and CEO of Octane Security, said in a statement. “AI has dramatically accelerated vulnerability research. Bug hypotheses, exploit verification, and production-grade reports can now happen 10× faster, which rewrites the threat model for every organisation putting code onchain.”

Octane’s announcement comes just five days after AI firm Anthropic rattled cybersecurity stocks with a new security tool that “scans codebases for security vulnerabilities and suggests targeted software patches for human review.”

AI has taken the tech world by storm, enabling experienced software engineers to write code faster than ever before. In crypto, it has fuelled the idea of agentic AI, where programmes conduct trades independent of human beings.

But it has also fanned concerns. This week, a report from Citrini Research rattled Wall Street by envisioning a future where AI has replaced human workers and nuked the world economy. The S&P dropped more than 1% on Monday as a result. Even AI developers are worried about the potential military applications of their creations, as Anthropic’s clash with the White House shows.

And AI has triggered fears that the technology can be used to break cybersecurity. Some have worried it could empower hackers. Others are concerned engineers could become over-reliant on AI-written code and release buggy software.

That concern came to life earlier this month, when a bug in AI-generated code cost users of crypto protocol Moonwell nearly $2.7 million in crypto. One Moonwell software engineer said the code in question had passed an audit from crypto security firm Halborn.

“AI coding will become more and more prevalent, and the increasing adoption of vibe coding remains one reason why more investment in design, threat modelling, formal methods, fuzzing, and 24/7 monitoring are critical steps for every web3 team to take,” Seth Hallem, CEO at crypto security firm Certora, told DL News after the Moonwell incident.

Octane’s experience suggests that investment might increasingly flow toward AI.

In the run-up to the launch of Ethereum upgrade Fusaka last year, Octane joined an audit contest sponsored by Gnosis and Lido. The contest rewarded security researchers for finding bugs in Nethermind and the other so-called clients that run Ethereum.

Octane partnered with pseudonymous security researcher Guhu, who reviewed potential bugs flagged by the company’s AI. Octane and Guhu submitted 17 issues, 16 of which were fixed by client teams. Nine were considered severe, and, of those, “six are believed to be unique,” the company said. They ultimately placed fourth in the contest, earning $70,633 in rewards.

They also submitted the Nethermind bug to a bug bounty program run by the Ethereum Foundation.

According to Octane, a hacker could sabotage validators running Nethermind by submitting a “malformed transaction.”

“This could have caused sustained missed slots across all Nethermind-based proposers for as long as the malformed transaction remained in the pool,” the company said. “Exploitation would have removed that capacity from the network, causing affected validators to miss block rewards, incur inactivity leak penalties, and degrade overall network liveness and availability.”

The bug was never exploited and was promptly patched. The Ethereum Foundation awarded Octane a $50,000 bug bounty, the company said.

“If you are not using AI to find and fix flaws continuously, you are competing against the blackhats who are,” Vignone said.

Aleks Gilbert is DL News’ New York-based DeFi correspondent. You can reach him at aleks@dlnews.com.
AI Tool Discovers High-Severity Bug in Ethereum's Nethermind Software
DL News
An AI tool from Octane Security uncovered a high-severity bug in Nethermind, an EVM client used on the Ethereum network. The flaw, related to blockchain security, was fixed before any attacks occurred. Around 40% of Ethereum validators rely on Nethermind, and a breach could have led to missed blocks. The Ethereum Foundation paid a $50,000 bounty for the discovery. Nethermind is one of several EVM clients supporting Ethereum’s operation and security.