DeFi users are warned to cancel approvals before the launch of Anthropic Legend AI

Token authentications are often collected unnoticed, creating vulnerabilities if previously trusted contracts are breached.

Anthroponic is reportedly about to release a public version of its Mythos AI model, and crypto analyst The DeFi Investor has urged decentralized finance users to act before that happens.

The risk depends on how good Mithos is at finding software vulnerabilities, and having a version of it widely available will speed up the speed at which attackers can find and exploit weaknesses in DeFi protocols.

What should the DeFi community do?

In a June 9 post on X, Diffie Investor advised followers to cancel all token approvals, use only highly audited dApps, and spread their funds across multiple wallets to minimize single points of failure.

For those unfamiliar, token approvals are permissions users give to smart contracts, allowing the contracts to issue tokens on their behalf. They tend to accumulate quietly over time, and represent a standing attack surface if any approved contract is later found to be vulnerable.

“What's scary about Mythos is that it's great for getting serious exposures,” writes Diffie Investor. “Claude Opus 4.8 also recently identified a critical bug for Zcash, and Mithos is expected to be better than Opus 4.8.”

They added that DeFi will face a major stress test in the next few months, and indeed, the Zcash vulnerability they mentioned provided concrete evidence of this.

The privacy coin lost more than 35% of its value in a single day after a security researcher using AI discovered a bug in a protected garden pool that allowed bad actors to generate an infinite supply of new ZEC tokens. Big-time crypto investor Arthur Hayes has seen his ZEC exits due to uncertainty over whether anyone could exploit the flaw.

Mythos has been limited since April by an anthropogenic initiative called Project Glasswing, which includes Amazon, Apple, Google and Microsoft, to harness the model's capabilities for defensive purposes. According to Bloomberg, Anthroponic plans to expand that circle to 150 more organizations in 15 countries.

You may also like:

However, multiple sources, including TFTC and journalist Alex Heath, told Mythos that the official version contains “significant safeguards” and does not allow as much access as Project Glasswing's partners.

Debate DeFi was already there

The DeFi investor's security advice comes at a time when discussion is building around the feasibility of decentralized finance.

In late May, OpenZeppelin founder Manuel Araoz declared “all of DeFi insecure” and advised people to get out of positions in major protocols including Aave, MakerDAO, and Compound. This is because AI has so far tipped the security balance towards attackers that no protocol can be trusted to hold users' money securely.

And indeed, many crypto projects have been hit in the past few months, including attacks on KelpDAO and Drift Protocol in April, which resulted in over $570 million in losses. Hackers recently allegedly siphoned off at least $30 million worth of Humanitarian Protocol H tokens from 17 wallets.

However, according to Mark Zeller, founder of the AveChan Initiative, fears about AI are overblown, with less than 10% of DeFi security failures last year attributable to code-level vulnerabilities.

Anthroponic's own position, per Bloomberg, is that it supports AI defenders in the long term, but that “the transition period will be long.”