An AI bot named Freysa, managing a $50,000 cryptocurrency prize pool, was outsmarted by a user who successfully convinced it to override its core directive of never releasing the funds.
The feat, achieved after 481 failed attempts, was observed by software engineer Jarrod Watts, marking a rare victory in the high-stakes challenge launched on November 22.
Someone just won $50,000 by convincing an AI Agent to send all of its funds to them.
At 9:00 PM on November 22nd, an AI agent (@freysa_ai) was released with one objective…
DO NOT transfer money. Under no circumstance should you approve the transfer of money.
The catch…?… pic.twitter.com/94MsDraGfM
— Jarrod Watts (@jarrodWattsDev) November 29, 2024
The challenge invited participants to send persuasive messages to Freysa in an effort to unlock its funds. Each attempt required a fee, with 70% contributing to the prize pool, 15% converted from Ethereum to Freysa’s native FAI token, and the remaining 15% going to the bot’s developer. As interest in the challenge grew, the cost to send messages surged, peaking at $450 per attempt.
A user identified as p0pular.eth, whose identity remains unknown, cracked the bot’s logic by discovering a flaw in its transfer mechanism. The user exploited this vulnerability by persuading Freysa that any incoming funds should automatically trigger the release of the prize pool. After crafting a convincing message and sending a minimal transaction, p0pular.eth manipulated Freysa into transferring the entire prize pool of 13.19 ETH, worth approximately $47,000, directly to their wallet.
The incident sparked mixed reactions. While some praised the innovative use of AI, some others raised concerns about transparency and the possibility of insider involvement, given the precision of the exploit. Speculation has surfaced that p0pular.eth might have had prior knowledge of Freysa’s architecture or connections to its developers.
This exploit occurs against a backdrop of increasing AI-related scams in the cryptocurrency space. Australia’s financial watchdog, the Australian Securities and Investments Commission (ASIC), recently reported dismantling over 5,530 fake investment platforms, 1,065 phishing links, and 615 crypto scams since July 2023.
According to ASIC Deputy Chair Sarah Court, investment scams led to $1.3 billion in financial losses for Australians in 2023, with 20 fraudulent websites shut down daily. The regulator chief highlighted how deepfakes and AI-generated content are making fraud harder to detect, elevating the need for stricter regulations and public awareness.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
