AI Threatens to Exacerbate Crypto Security Challenges, Ledger CTO Warns

Charles Guillemet, chief technology officer at Ledger, has warned that artificial intelligence is intensifying the cybersecurity challenges faced by the cryptocurrency industry. In an interview with CoinDesk, Guillemet explained that AI tools are making it faster and cheaper to identify and exploit vulnerabilities in crypto systems. 'Finding vulnerabilities and exploiting them becomes really, really easy,' he said. 'The cost is going down to zero.' His comments follow a series of recent high-profile attacks. This week alone, the Solana-based decentralized finance protocol Drift was exploited, resulting in the theft of $285 million in digital assets. A week earlier, the yield protocol Resolv suffered a $25 million loss. Over the past year, more than $1.4 billion in assets have been stolen or lost due to crypto-related attacks, according to data from DefiLlama. Traditionally, cybersecurity has relied on the principle that the cost of hacking a system should outweigh the potential rewards. However, AI is eroding this balance. Tasks that once required months of effort from skilled researchers, such as reverse engineering software or chaining exploits, can now be accomplished in seconds with the right prompts. For the crypto industry, where code often controls large pools of funds, this shift significantly raises the stakes. Guillemet emphasized the need for blockchain developers to achieve perfection in their code. He also pointed out that the use of AI-generated code could lead to more vulnerabilities. 'There is no 'make it secure' button,' he said. 'We are going to produce a lot of code that will be insecure by design.' To address these challenges, Guillemet suggested a shift toward formal verification, which uses mathematical proofs to validate code, as a more robust alternative to traditional audits. Hardware-based security, such as hardware wallets that isolate private keys from internet-connected systems, is another critical layer of defense. 'When you have a dedicated device not exposed to the internet, it is more secure by design,' he noted. For everyday crypto users, Guillemet's message is clear: assume that systems can and will fail. 'You can’t trust most of the systems that you use,' he said. This could lead to increased adoption of cold storage and stronger operational security practices. However, risks extend beyond software, including physical attacks on crypto holders. Guillemet anticipates a growing divide between well-secured critical systems and the broader software ecosystem that may struggle to keep pace with evolving threats.