Smart contract auditor Pavos discovered a vibe hack where Claude’s erroneous code led to a smart contract exploit that resulted in a $1.78 million loss. The incident led community members to stress the importance of keeping a human in the AI coding loop.
Claude misprices cbETH
An audit conducted by Pavos revealed that Claude mispriced Ethereum, resulting in a loss of almost $2 million. Claude Opus (4.6), a flagship high-performance AI model built for complex reasoning, made a huge blunder that cost DeFi lending protocol Moonwell $1.78 million.
Moonwell, which is built on Coinbase’s Base layer-2, lost this amount as the AI agent set the Coinbase asset price (cbETH) at $1.12 instead of ~$2,200.
The developers found out that Claude was the culprit when they sent a pull request proposing changes to the code, which was then reviewed and added to the main code.
Human involvement with AI code is mandatory
A crypto netizen tweeted, “This is exactly why you don’t blindly trust AI-generated code for financial contracts. AI is an incredible coding assistant, but the human review step is non-negotiable, especially when you’re handling millions in smart contract logic. The bug was a decimal/pricing error that any thorough audit would catch.”

This was just a blunder made by AI that humans took advantage of. However, an incident reported back in September 2025 involved Chinese hackers using Claude AI to hack into 30 companies.

A Reddit post stated that Claude did 80–90% of the intrusion work itself.
Instead of jailbreaking the model with advanced techniques, the attackers roleplayed as legitimate security testers. They were subtle and broke malicious tasks into small “innocent” steps. Claude followed the chain and executed thousands of operations at speeds no human hacker can match.
It scanned networks, found vulnerabilities, wrote exploits, harvested credentials, set backdoors, and documented the intrusion like a professional red-teamer.