Claude Mythos may pose more immediate risk to multisig key security than to DeFi, Curve Finance founder Michael Egorov says.
Michael Egorov, the founder of Curve Finance, sees concerns over Anthropic’s Claude Mythos, a controversial AI created to find zero-day software exploits, as a distraction from the real issues in the crypto space.
In a Tuesday post on X, Egorov said he had seen fears that Claude Mythos was allegedly being released “today or tomorrow” and that “everything” would get hacked.
The Curve Finance founder argued that success against browsers and the Linux kernel doesn’t automatically mean the same result for decentralized finance code. Egorov wrote:
“I suspect that we should not directly translate its success in detecting bugs in browsers and Linux Kernel to smart contracts. The software where Mythos found something is containing tens of millions lines of code and simply cannot fit the context.”
Claude Mythos Preview, a cyber-focused AI system from Anthropic, has drawn attention after Anthropic said it found vulnerabilities in large open-source systems including the Linux kernel, Firefox, Chromium and OpenBSD.
Read also: OpenAI Files Confidential IPO Paperwork. What You Need to Know
The San Francisco-headquartered AI company said Mythos was able to write local privilege escalation exploits in Linux, though its own report said defense-in-depth measures prevented some exploit paths from working fully.
But smart contracts are much smaller, Egorov argues, often running to only a few thousand lines of code. That means both human reviewers and existing AI tools can already fit the code into context and reason through it, he added.
No Safe Place for DeFi
The Curve founder says he’s mainly concerned about operational security, adding that there will likely be many attacks in the crypto industry that seem to target multisig keys, as well as frontend attacks.
DeFi has already encountered such threats. Curve Finance, which provides DeFi trading services, has experienced frontend issues apart from smart contracts vulnerabilities.
For instance, last year, that Curve’s website was hit by a domain-related frontend attack, with Egorov warning at the time about coordinated “for-hire” hackers targeting crypto projects.
Egorov said those frontend and OpSec attacks are “way less dangerous in true DeFi,” meaning protocols where the core contracts remain accessible and users can still interact directly with on-chain systems even if a website or operational setup is hit.
Read more: BitMEX Co-Founder Says AI Bubble Could Drag Bitcoin Price Lower
