Everything in the software world is moving at an incredible pace right now. Instead of spending days thinking about architecture or writing code line by line, we now just tell AI what we want and sit back. Especially on the Web3 side, deploying a smart contract in seconds is very tempting. But the bill for this speed is slowly starting to come due.

The truth is this: This practicality in the coding process has quietly paved the way for "vibe cyberattacks."

AI's Code Entrusted to AI

A hack event that occurred in recent days, resulting in millions of dollars in losses, actually represents a first in the industry. There is code written by an AI model like Claude. The strange part is that the one finding and exploiting the vulnerability in this code is also another AI bot.

So, the old era where human hackers spent days reading code and looking for vulnerabilities is closing. The unique logic errors of the AI that wrote the code are spotted in seconds by other AIs scanning the code, and they attack ruthlessly. The battlefield has been left entirely to the bots.

The "Let's Hide the Code" Panic in Crypto

This new threat level is so frightening that even experienced figures who have dedicated years to the open-source world have hit the panic button. Advice like "Close your codes to the outside this year, work closed-source" has started to be heard. Their logic is simple: Since attacking bots are faster than us, let's not show them the target openly. Let's lock the doors until we strengthen the system from the inside.

However, this idea contradicts the very heart of the DeFi (Decentralized Finance) philosophy. Isn't transparency the whole point of crypto anyway? Expecting people to entrust their money to a smart contract where they cannot see or audit the code means taking Web3 and turning it into traditional banking. That is why the other half of the industry strongly opposes this idea. According to them, hiding the code is not a solution. Instead, we have to put on-chain rate limits on contracts or develop defense systems with the same intelligence as the attacking bots.

Blind Trust in AI

Actually, at the end of the day, the biggest security vulnerability is not in the technology, but in complacency and unconsciousness. AI has given incredible power to people with great ideas but limited technical knowledge. However, this power turns into a disaster when used without understanding what is running behind it.

An incident I personally witnessed recently summarizes very well how dangerous this blind trust can be. A user developing an app on Farcaster was getting help from an AI assistant during the coding process. At one point, the assistant said the wallet's private key needed to be entered to continue the operations. The user shared this vital information with the assistant without thinking about the security risk for even a moment, and lost all the assets in their wallet within just 1-2 hours.

You need to remember that if you are writing code just by entering prompts, the attacker opposite you can also blow up that code just by entering prompts. Yes, AI makes our jobs incredibly easy, but if you do not question what you are deploying or what the assistant is asking from you, eventually that "vibe" will come and find you.

Everything in the software world is moving at an incredible pace right now. Instead of spending days thinking about architecture or writing code line by line, we now just tell AI what we want and sit back. Especially on the Web3 side, deploying a smart contract in seconds is very tempting. But the bill for this speed is slowly starting to come due.

The truth is this: This practicality in the coding process has quietly paved the way for "vibe cyberattacks."

AI's Code Entrusted to AI

A hack event that occurred in recent days, resulting in millions of dollars in losses, actually represents a first in the industry. There is code written by an AI model like Claude. The strange part is that the one finding and exploiting the vulnerability in this code is also another AI bot.

So, the old era where human hackers spent days reading code and looking for vulnerabilities is closing. The unique logic errors of the AI that wrote the code are spotted in seconds by other AIs scanning the code, and they attack ruthlessly. The battlefield has been left entirely to the bots.

The "Let's Hide the Code" Panic in Crypto

This new threat level is so frightening that even experienced figures who have dedicated years to the open-source world have hit the panic button. Advice like "Close your codes to the outside this year, work closed-source" has started to be heard. Their logic is simple: Since attacking bots are faster than us, let's not show them the target openly. Let's lock the doors until we strengthen the system from the inside.

However, this idea contradicts the very heart of the DeFi (Decentralized Finance) philosophy. Isn't transparency the whole point of crypto anyway? Expecting people to entrust their money to a smart contract where they cannot see or audit the code means taking Web3 and turning it into traditional banking. That is why the other half of the industry strongly opposes this idea. According to them, hiding the code is not a solution. Instead, we have to put on-chain rate limits on contracts or develop defense systems with the same intelligence as the attacking bots.

Blind Trust in AI

Actually, at the end of the day, the biggest security vulnerability is not in the technology, but in complacency and unconsciousness. AI has given incredible power to people with great ideas but limited technical knowledge. However, this power turns into a disaster when used without understanding what is running behind it.

An incident I personally witnessed recently summarizes very well how dangerous this blind trust can be. A user developing an app on Farcaster was getting help from an AI assistant during the coding process. At one point, the assistant said the wallet's private key needed to be entered to continue the operations. The user shared this vital information with the assistant without thinking about the security risk for even a moment, and lost all the assets in their wallet within just 1-2 hours.

You need to remember that if you are writing code just by entering prompts, the attacker opposite you can also blow up that code just by entering prompts. Yes, AI makes our jobs incredibly easy, but if you do not question what you are deploying or what the assistant is asking from you, eventually that "vibe" will come and find you.