AI is making crypto's security problem even worse, Ledger CTO warns

Crypto platforms — and investors — have long suffered from hacker attacks and exploits. Now, artificial intelligence (AI) is making that threat even worse.

That’s the view of Charles Guillemet, chief technology officer at crypto wallet provider Ledger, who said the economics of cybersecurity are breaking down as AI tools make it faster and cheaper to attack systems.

“Finding vulnerabilities and exploiting them becomes really, really easy,” Guillemet told CoinDesk in an interview. “The cost is going down to zero.”

His remarks come as crypto heists are in the headlines again. Just this week, Solana-based decentralized finance protocol Drift was exploited, with attackers draining $285 million worth of digital assets. It is one of the most severe exploits of the year so far. A week before that, an attack on yield protocol Resolv led to $25 million in losses.

Altogether, over $1.4 billion in assets were stolen or lost in crypto attacks over the course of the past year, according to data by DefiLlama.

From asymmetry to arms race

Security has long relied on an imbalance: it should be harder and more expensive to hack a system than the potential reward.

But AI is eroding that advantage. Tasks that once took skilled researchers months, like reverse engineering software or chaining exploits, can now be done in seconds with the right prompts.

For crypto, where code often controls large pools of funds, that shift raises the stakes.

“You need to be perfect,” Guillemet warned teams developing blockchain protocols.

The problem is compounded by AI-generated code. As more developers rely on AI tools, vulnerabilities could spread faster.

“There is no ‘make it secure’ button,” he said. “We are going to produce a lot of code that will be insecure by design.”

Raising the security bar

For crypto protocols, that means rethinking security from the ground up.

Guillemet pointed to formal verification — using mathematical proofs to validate code — as a stronger approach than traditional audits, which may miss bugs.

Hardware-based security is another layer, he said. Devices like hardware wallets isolate private keys from internet-connected systems, reducing exposure.

“When you have a dedicated device not exposed to the internet, it is more secure by design,” he said.

That approach is becoming more relevant as malware grows more advanced. Guillemet described attacks that scan compromised phones for wallet seed phrases, allowing hackers to drain funds without user interaction.

For average crypto users, Guillemet’s message is blunt: assume systems can and will fail.

“You can’t trust most of the systems that you use,” Guillemet said.

That could push more users toward cold storage, stronger operational security and keeping sensitive data offline. Even then, risks extend beyond software, including physical attacks targeting crypto holders.

Guillemet expects a divide ahead. Critical systems like wallets and protocols will invest heavily in security and adapt. But much of the broader software ecosystem may struggle to keep up.

“It’s really easier to hack everything,” he said.