# Can DeFi Survive Mythos?

*Author: David Christopher*

*Published: Apr 10, 2026*

*Source: https://www.bankless.com/fr/read/can-defi-survives-mythos*

---

**It's funny.** Institutions are finally arriving onchain, and the thesis that decentralized lending becomes the default primitive for financial applications has never been more credible.

And yet, plenty of crypto-natives are shrinking from DeFi or pulling out altogether. The risk factor continues to outpace the reward, and the events of the past ten days have only made it worse.

## Mythical Threats

As most know by now, on April 1, attackers drained roughly $285 million from Drift Protocol, a Solana-based perps exchange, in about ten minutes.

[Security firms attributed the attack](https://x.com/DriftProtocol/status/2040611161121370409?s=20) with medium-to-high confidence to UNC4736, a North Korean state-sponsored hacking group. The group didn’t execute a flash loan exploit or an oracle manipulation. It’s suspected they conducted a six-month intelligence campaign, embedding operatives and depositing $1 million of their own capital before gaining privileged access to Drift's internal systems. Though this isn’t the first North Korean-led attack, it represents a new level of social engineering.

Then, on Tuesday, [Anthropic disclosed Mythos Preview](https://www.anthropic.com/glasswing), its most powerful AI model to date. Mythos can autonomously discover and exploit zero-day vulnerabilities in real software and claims to have already found thousands of high-severity bugs across every major operating system and browser, including decades-old flaws that survived millions of automated tests.
> Anyone have good Anthropic connect
>
> We would love to test mythos on Uniswap, the most used DeFi protocol [https://t.co/SYc2teiinR](https://t.co/SYc2teiinR)
>
> — Hayden Adams 🦄 (@haydenzadams) [April 10, 2026](https://twitter.com/haydenzadams/status/2042455429020627293?ref_src=twsrc%5Etfw)

These capabilities emerged from improvements in general reasoning and coding. Anthropic did *not* train it for hacking. Anthropic says that given these abilities, it will not be publicly releasing this model out of the gate; Anthropic is sharing it only with select partners through a program called Project Glasswing so they can patch vulnerabilities before attackers use them.

![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/data-src-image-9f0c0217-a304-46f9-9731-6d03fd701f13.png)

*via [Anthropic](https://www.anthropic.com/glasswing)*

The implication for DeFi is direct. The cost of finding exploitable vulnerabilities in smart contracts and protocol infrastructure is about to collapse: it cost Mythos $50 to find the 27-year-old issue.

Last December, Anthropic published a report showing that leading models could already crack over 55% of real smart contract exploits from scratch, up from 2% one year prior. Mythos operates at a different scale entirely. When exploit discovery gets this cheap, the economics of attacking DeFi protocols shift in ways we’ve never had to account for.

[Claude Cracks Smart Contracts on Bankless](https://www.bankless.com/read/claude-report-smart-contracts-exploits): Breaking down Anthropic’s new report on everyday LLMs correctly simulating 55% of exploits, up from 2% a year ago, and without any training.

## Risk Mispricing

$11.8 billion sits in Morpho vaults today.
Much of that capital arrived through Coinbase, Kraken, or similar interfaces, and the depositors earning a modest 2-4% APY may be thinking of these as a type of savings account, but they are far from risk-free.

> Anthropic Mythos taking a first look at DeFi protocols. [pic.twitter.com/ieHmLpuShb](https://t.co/ieHmLpuShb)
>
> — mattytay (@mattytay) [April 9, 2026](https://twitter.com/mattytay/status/2042286635128397912?ref_src=twsrc%5Etfw)

In vaults, like those on Morpho, capital gets deployed across multiple pools and protocols by a third-party curator who determines which assets are permitted, how much leverage is acceptable, when to rebalance, when to exit, etc. The quality of the curator's judgment is what separates a well-run vault from catastrophe.

![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/data-src-image-5e253768-1ace-4538-8e5e-51afe5635f22.png)

*via [Morpho](https://app.morpho.org/vaults)*

Given the complexity of these strategies, even well-managed vaults expose depositors to more risk than a traditional lending pool.

M0 founder [Luca Prosperi](https://dirtroads.substack.com/p/68-the-physics-of-on-chain-lending), who publishes the Dirt Roads newsletter, used the same models banks use to price corporate bonds to test whether depositors are being fairly compensated for these risks. He concluded that, for lending markets backed by ETH or BTC, lenders should earn 2.5% to 4% per year above a US Treasury. Major Morpho markets pay a fraction of that.

Layer on nation-state espionage and superpowered AI vulnerability discovery as additional risk vectors, and the juice stops being worth the squeeze.

> rates in DeFi are too low for the level of risk
>
> $11.7B sitting in Morpho vaults today at 2-4% APY. retail is funding these markets via exchanges thinking it's a savings account. it's not. they're taking real credit risk on crypto-collateralized lending
>
> no institution accepts… [pic.twitter.com/E6WlXnsf1W](https://t.co/E6WlXnsf1W)
>
> — Santiago R Santos (@santiagoroel) [April 6, 2026](https://twitter.com/santiagoroel/status/2041280267181232551?ref_src=twsrc%5Etfw)

## Can Insurance Help?

Onchain insurance has existed for years. The first and longest-standing protocol, [Nexus Mutual](https://nexusmutual.io/), launched in 2019.

As of late 2022, less than [1% of DeFi's TVL](https://threesigma.xyz/blog/infrastructure/defi-insurance-guide-risks-rewards) was covered by insurance protocols, and as of 2026, Nexus Mutual has paid out only [$18.6M in total claims](https://app.nexusmutual.io/claims) across its entire history. Crypto lost [$3.4B to hacks in 2025](https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/) alone.

![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2026/04/data-src-image-1e4dd77b-c684-482b-8983-84b5491d113d.png)

*via [Nexus Mutual](https://app.nexusmutual.io/claims)*

Why? Here are the three main reasons:

- Premiums of 2-5% annually eat into or exceed the yield users are earning, so depositors skip it.
- Coverage is narrow. Nexus Mutual covers smart contract bugs and oracle failures, but not phishing, operational compromises, or team malfeasance – increasingly dominant attack vectors. [Last year's $1.5B Bybit hack](https://www.bankless.com/read/the-1-4b-hack-that-safenet-was-built-to-prevent) wouldn't have been covered. Neither would Drift's.
- And there's a data problem. Traditional insurers have centuries of loss history to price against. DeFi has about ten years. Protocols change with every upgrade, and there's no standardized way to measure how likely a given smart contract is to fail.

Yet, in the past week there's been a new iteration on insurance.
[OpenCover](https://x.com/OpenCover/status/2039721567169483046?s=20), a distribution layer built on top of Nexus Mutual, just introduced a product called Covered Vaults, designed around these failures and built specifically for vaults.

> [https://t.co/a9biYngnBb](https://t.co/a9biYngnBb)
>
> — OpenCover (@OpenCover) [April 2, 2026](https://twitter.com/OpenCover/status/2039721567169483046?ref_src=twsrc%5Etfw)

The mechanics are straightforward – deposit into a vault as you normally would, receive the token representing your share, then stake that token with Covered Vaults to activate protection.

A small insurance premium is automatically deducted from your yield. You don't pay it separately or upfront; it streams from what the vault earns for you. If a covered loss event occurs, a hack or protocol failure, you're made whole up to the coverage limit. Toggle it off whenever you want. There are no lockups, no renewals.

Current capacity is $50M per vault. That's real, but small relative to the billions deployed. And the threat vectors described above, nation-state operations and AI-powered vulnerability discovery, push against the boundaries of what any model built on historical loss data can confidently price.

> This is interesting, since it's like a credit-default swap (CDS) layered on top of an onchain lending vault, but with protection against protocol failure, rather than counterparty default (which is what worries people with overcollateralized lending). The UX here is pretty… [https://t.co/3eGtRhywUb](https://t.co/3eGtRhywUb)
>
> — Antonio García Martínez (agm.eth) (@antoniogm) [April 4, 2026](https://twitter.com/antoniogm/status/2040503437117575609?ref_src=twsrc%5Etfw)

## The Uncomfortable Math

The sad reality of DeFi right now is that the depositor earning 2-4% on a vault position is taking quantifiable risk that dwarfs the yield – and this was true before we learned about the Drift attack or the Mythos Preview potential.
The question is how we proceed given the growing existential threats.

The first step is getting Mythos-class models into the hands of defenders. There's no excuse for leading AI firms to leave crypto companies out of the loop in early previews when the attack surface is so tantalizing to cybercriminals and nation-state attackers.

Building on that, the silver lining here is symmetry. It’s more likely this issue of security will be a cat-and-mouse game of attack and defense abilities chasing each other. Coupling this with insurance protocols like OpenCover, which I’m optimistic about, could provide DeFi a legitimate safety net that helps us scale and become a more battle-hardened decentralized financial foundation.