A safety researcher regained entry to a Bitcoin pockets for Android after utilizing Claude, the unreal intelligence mannequin developed by Anthropic, to decrypt the eight-digit PIN that protected it.
The case was documented by Pavol Lupták, a cybersecurity specialist, who detailed the method on his X account.
Based on Lupták, A consumer requested you for assist regaining entry to their pockets within the Bitcoin Pockets software —publicly obtainable on GitHub—, the place a big quantity of BTC was saved. The one information obtainable was that the PIN was eight digits lengthy, representing 100 million attainable mixtures.
The researcher indicated that he requested Claude to research the supply code of the appliance to grasp how the pockets was encrypted. The mannequin recognized the safety mechanism and established the sequence of steps that every try should full to confirm if a PIN was the right one.
With that data, Claude wrote a program that robotically examined mixtures. Lupták factors out that, on his laptop computer, the system reached 80 makes an attempt per secondwhich is equal to between two and three weeks of guide work to exhaust all prospects.
Claude escalates assault on cloud infrastructure
Resulting from {hardware} limitations, the AI then proposed dividing the work amongst a number of distant servers. After receiving entry credentials to Hetzner Cloud (cloud improvement service), Claude autonomously provisioned 5 machinesconfigured them, divided the mixtures between the nodes and ran a program to report the progress in actual time.
Based on Lupták’s account, the PIN was discovered after 14.5 hours of operation. The researcher maintains that at no time did he overview the code generated by the AI for the algorithm or immediately entry the servers: “I solely waited for the end result, which I obtained on the primary attempt.” Claude’s complete lively time didn’t exceed half an hour.
The case is a part of a pattern that Anthropic itself has documented. In December 2025, as reported by CriptoNoticias, the corporate revealed an experiment wherein AI brokers managed to take advantage of vulnerabilities in actual good contracts on networks reminiscent of Ethereum and BNB Chain. The simulated losses have been near $550 million.
In that research, the fashions generated practical assaults in opposition to 51.1% of the 405 contracts evaluated.
Lupták concludes that Claude’s means to mix code evaluation, programming and infrastructure administration reduces the time wanted for the sort of operations from weeks to hours.
The figuring out issue, in keeping with the researcher, was not a failure of the appliance however a limitation of origin: an eight-digit PIN presents inadequate safety when the attacker has enough computing energy.
