A small group of unauthorized users accessed Anthropic's new Mythos AI model, a system the company describes as powerful enough to enable dangerous cyberattacks, Bloomberg reported on April 22, 2026, citing a person familiar with the matter and internal documentation it had reviewed.
The story confirms what crypto security teams have spent the past year warning about: as frontier AI models grow more capable, the attack surface for self-custody wallets, exchanges, and DeFi protocols expands with them. Bitcoin held at $77,518 and ether at $2,363 as of April 22, 2026, with no immediate market reaction to the report.
What Anthropic Has Said About Mythos
Per Bloomberg, Anthropic itself characterizes Mythos as so capable that it can support serious cyber operations. That language matters. Frontier labs typically downplay the offensive potential of their models, partly because acknowledging it invites regulatory pressure. When a company concedes its own product crosses that threshold, the concession is doing more work than a third-party warning would.
Bloomberg's reporting indicates the access was limited to a small group of unauthorized users, not a wide leak. Whether those users were external attackers, contractors with privileges they should not have had, or insiders has not been disclosed in the report.
Anthropic has not publicly commented on the specifics of the access incident at the time of writing. The company's existing Responsible Scaling Policy commits it to additional safeguards once a model crosses certain capability thresholds, including the ability to assist in serious cyber operations.
Why This Lands Differently for Crypto Holders
Crypto is the most direct payoff target on the internet. Unlike data theft, which requires monetization through fraud or resale, a successful attack on a hot wallet, exchange API key, or smart contract drains fungible value in minutes. That asymmetry has made crypto users disproportionate targets for every prior generation of malware.
A more capable AI lowers the cost of these attacks across the board:
- Phishing emails and Telegram messages become indistinguishable from legitimate exchange communications.
- Smart contract vulnerability discovery, currently a slow and skill-intensive job, gets compressed into hours.
- Drainer kits sold on Telegram channels gain better social engineering scripts and faster wallet interaction code.
- Personalized spear-phishing using public on-chain history (which addresses you fund, what tokens you hold) becomes trivial.
None of these capabilities are new. What changes is who can deploy them. A toolset that previously required a coordinated state-backed group becomes available to a freelance scammer with a stolen API key.
How AI Is Already Used Against Crypto Wallets
The Mythos report lands in a year where AI-assisted attacks on crypto are no longer theoretical. Chainalysis flagged a sharp rise in deepfake-based KYC bypass attempts at exchanges in 2025. Independent researchers have published proof-of-concept drainer scripts that use small open-weight models to generate persuasive social-engineering payloads at scale.
The Lazarus Group, which has stolen over $3 billion from crypto firms across the past five years, is widely understood to use generative AI for both initial-access social engineering and post-access lateral movement. The constraint on those campaigns has historically been the human time required to craft convincing messages. A frontier model removes that bottleneck.
For self-custody options and exchange custody alike, the question is no longer whether AI will sharpen attacks. It is whether defenders can keep pace.
Practical Steps if You Hold Crypto
The asymmetry between attacker capability and user behavior is what gets people drained. A few habits matter more this year than last:
- Treat any unsolicited DM, even from a verified-looking account, as hostile until proven otherwise. AI-generated impersonation is now production-grade.
- Use a hardware wallet for any holding above a few months of expenses. Air-gapped signing defeats remote drainers regardless of how clever the script.
- For day-to-day spending, consider non-custodial card products that keep keys on your device, such as MetaMask or Tria. Custodial issuers concentrate risk into a single API key that is increasingly attractive to AI-augmented adversaries.
- Audit which dApps still hold token approvals on your address. Revoke anything you have not used in six months.
None of this is a guarantee. Frontier-model attacks favor attackers because defenders have to be right every time and attackers only need to win once. Reducing your attack surface is the only durable response.
Overview
Bloomberg reports that unauthorized users accessed Anthropic's Mythos model, a system the company itself describes as capable of supporting dangerous cyberattacks. The report does not specify which targets are at risk, but crypto wallets and exchanges have been the highest-payoff destinations for every prior generation of automated attack tooling. Holders who rely on hot wallets, custodial exchanges, or weak operational hygiene face a steeper risk curve in the months ahead than they did at the start of 2026.
