Eli Ben-Sasson, one of the people behind Zcash, spent years thinking about human adversaries. In remarks summarized by NewsData.io from The Star, he says he did not expect machine intelligence to expose a flaw that “had eluded years of expert human judgment.”
That frame matters because it shifts the security problem from “are we smart enough?” to “how does an attacker’s tooling change the timeline?” If AI can reduce the time from hypothesis to exploit, then even long-audited designs face a moving target. The risk here is not abstract. When an AI-driven method finds an issue, the attacker does not need to wait for a crack team to grind for months.
What Ben-Sasson’s comment is really pointing at
NewsData.io’s write-up is built around a single idea. Ben-Sasson worked on Zcash almost a decade ago with human adversaries in mind. Now, machine intelligence is viewed as a new adversary class that can discover weaknesses that humans missed.
The takeaway is uncomfortable for defenders. Traditional security reviews lean on expertise and process. They are slow by design. They assume novelty comes from people, not from automated systems that can iterate faster than a review cycle.
Why “wipeout” is used as the warning signal
The page that NewsData.io points to uses the phrase “wipeout” to describe a crypto token loss event. The intent is to show scale. It is also a reminder that large losses tend to act like accelerants. After a big failure, attention floods in. Attack paths that used to be niche can turn into public playbooks.
But the NewsData.io excerpt provided here does not include incident specifics, such as the token, the exploit method, the exploited contract, or confirmed loss figures. Without those details, the cautious read is this. The article is using the wipeout as proof of threat relevance, not as a fully documented postmortem.
The core security shift: from expertise to iteration speed
Ben-Sasson’s warning lands on a central security equation. If an AI system can test many variants of an attack and score results quickly, it compresses the window between “known weakness” and “exploited weakness.”
That changes what “secure enough” means in practice. It can force teams to improve monitoring and response, not only pre-launch auditing. It also increases the importance of conservative releases, tighter permissioning, and faster patch deployment, because the attacker may not wait for a formal report.
What readers should demand next
NewsData.io and The Star raise the threat, but the excerpt does not provide the incident trail. For a security reader, that is the missing piece. The confirmed items that usually clarify an AI-enabled compromise include:
- The exact entry point exploited
- Whether the exploit targeted a smart contract, an off-chain system, or a user-facing component
- The timeline from discovery to impact
- What mitigations were attempted before losses stopped
If those facts are not published, the story stays in the realm of credible fear. The right next step is documentation that separates what happened from what is suspected.
The sober implication for crypto teams
Even if Ben-Sasson’s comment is about a single insight, it signals a pattern. AI does not replace security expertise. It changes the adversary’s search strategy. The best defense is not to assume the flaw is “too hard to find.” It is to assume the attacker can iterate, then build systems that limit blast radius when something slips through.