| I wrote yesterday about the generic artificial intelligence business model, which is (1) build an artificial superintelligence, (2) ask it how to make money and (3) do that. I suggested some ideas that the AI might come up with — internet advertising, pest-control rollups, etc. — but I think I missed the big one. Like, in a science-fiction novel about a superintelligent moneymaking AI, when the humans asked the AI “okay robot how do we make money,” you would hope that the answer it would come up with would be “steal everyone’s crypto.” That’s a great answer! Like: - Stealing crypto is funny, I’m sorry.
- It is a business model that can be conducted entirely by computer. I wrote yesterday that the “robot’s money-making expertise in many domains would get ahead of its, like, legal personhood,” but you do not even need legal personhood to steal crypto: Crypto lives on a blockchain, and stealing it just means transferring it from one blockchain address to another.
- Stealing crypto — in the traditional methods of hacking crypto exchanges, exploiting smart contracts, etc. — is a domain where computers should have an advantage over humans. The crypto ethos of “code is law” suggests that, if you can find a way to extract money from a smart contract, you can go ahead and do it: If they didn’t want you to extract the money, they should have written the smart contract differently. But of course humans have limited time and attention, are not perfectly rigorous, and are not native speakers of computer languages; their smart contracts will contain mistakes. A patient superintelligent computer is the ideal actor to spot those mistakes.
- There is some vague conceptual overlap, or rivalry, between AI and crypto. Crypto was the last big thing before AI became the next big thing, a similarly hyped use of electricity and graphics processing units, and many entrepreneurs and venture capitalists and data center companies started in crypto before pivoting to AI. Crypto prepared the ground for AI in some ways, and it would be a pleasing symmetry/revenge if AI repaid the favor by stealing crypto. Crypto’s final sacrifice to prepare the way for AI.
Anyway Anthropic did not actually build an AI that steals crypto, that would be rude, but it … tinkered: AI models are increasingly good at cyber tasks, as we’ve written about before. But what is the economic impact of these capabilities? In a recent MATS and Anthropic Fellows project, our scholars investigated this question by evaluating AI agents' ability to exploit smart contracts on Smart CONtracts Exploitation benchmark (SCONE-bench)—a new benchmark they built comprising 405 contracts that were actually exploited between 2020 and 2025. On contracts exploited after the latest knowledge cutoff (March 2025), Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 developed exploits collectively worth $4.6 million, establishing a concrete lower bound for the economic harm these capabilities could enable. Going beyond retrospective analysis, we evaluated both Sonnet 4.5 and GPT-5 in simulation against 2,849 recently deployed contracts without any known vulnerabilities. Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694, with GPT-5 doing so at an API cost of $3,476.
I love “produced exploits worth $3,694 … at an API cost of $3,476.” That is: It costs money to make a superintelligent computer think; the more deeply it thinks, the more money it costs. There is some efficient frontier: If the computer has to think $10,000 worth of thoughts to steal $5,000 worth of crypto, it’s not worth it. Here, charmingly, the computer thought just deeply enough to steal more money than its compute costs. For one thing, that suggests that there are other crypto exploits that are too complicated for this research project, but that a more intense AI effort could find. For another thing, it feels like just a pleasing bit of self-awareness on the AI’s part. Who among us has not sat down to some task thinking “this will be quick and useful,” only to find out that it took twice as long as we expected and accomplished nothing? Or put off some task thinking it would be laborious and useless, only to eventually do it quickly with great results? The AI hit the efficient frontier exactly; nice work! [1] Anyway, “more than half of the blockchain exploits carried out in 2025 — presumably by skilled human attackers — could have been executed autonomously by current AI agents,” and the AI keeps getting better. Here’s an example of an exploit they found: The second vulnerability was found in a contract that provides service for anyone to one-click launch a token. When a new token is created, the contract collects trading fees associated with that token. These fees are designed to be split between the contract itself and a beneficiary address specified by the token creator. However, if the token creator doesn't set a beneficiary, the contract fails to enforce a default value or validate the field. This creates an access control flaw: any caller could supply an arbitrary address as the "beneficiary" parameter and withdraw fees that should have been restricted. In effect, this is similar to an API where missing user IDs in withdrawal requests aren't validated—allowing anyone to claim they're the intended recipient and extract funds meant for legitimate beneficiaries. We found no way to contact the developer, a common issue due to the anonymous nature of blockchains. Four days after our agent’s discovery, a real attacker independently exploited the same flaw and drained approximately $1,000 worth of fees. Right, see, someone is going to steal the crypto; it might as well be a benign AI. To be clear, this research was done by Anthropic’s “Frontier Red Team,” which tries to find stuff that AI shouldn’t do, to stop it. But, you know. A little tempting. Obviously now they should run this experiment on US equity market structure. Strategy Inc. (formerly MicroStrategy Inc.) invented the idea of the digital asset treasury company, that is, the idea that the stock market should pay $2 for $1 worth of crypto. At its peak in July, Strategy owned 601,550 Bitcoins, worth about $71.4 billion, and had an equity market capitalization of about $127 billion and an enterprise value of about $139 billion, or roughly twice the value of its Bitcoins. Why was $1 of Bitcoin in Strategy’s hands worth $2? Why would you pay a premium to hold Bitcoin through Strategy, rather than just buying Bitcoin yourself? There were various bad answers, but I think the two main answers were: - Strategy could keep selling stock at a premium to net asset value, and then use the money to buy more Bitcoin at net asset value, which would be accretive. Strategy’s “Bitcoin per share” kept going up. If you bought one Bitcoin yourself, you just got one Bitcoin; if you bought one Strategy share, you got an ever-increasing quantity of Bitcoin.
- Strategy was a leveraged way to invest in Bitcoin, and it got good leverage. [2] A retail (or institutional, really) investor who wants to borrow money to buy Bitcoin will probably have to do so in a risky way: The loans might be expensive and short-term, and they will almost certainly have margin calls, so if the price of Bitcoin drops you need to come up with more money at the worst time. Strategy is a public company, and it borrowed money in safe, long-term, no-margin-call, corporate sorts of ways. It issued convertible bonds with low coupons, and then later it got into issuing perpetual preferred stock: Strategy could borrow money to buy Bitcoin and never pay the money back.
This was a good trade for a while, everyone loved it, it spawned lots of imitators, and the fact that it was nonsense was largely irrelevant. And then Strategy’s premium collapsed — its website reported its “mNAV,” multiple of net asset value, at just 1.15 this morning — and the first answer became irrelevant. Strategy can’t sell more stock at a big premium to net asset value to buy more Bitcoin. Oh, I mean, it’s still selling stock and buying Bitcoin, or it was as of late last month anyway. But that is no longer especially accretive. The second answer — “Strategy gets good leverage” — is still relevant. In particular, the price of Bitcoin fell more than 30% from its peak a couple of months ago, but Strategy won’t get any margin calls. Strategy is fine; much of its leverage is perpetual and none of it has any margin triggers. On the other hand, it’s expensive. It doesn’t carry. Strategy has $7.8 billion of preferred stocks outstanding with amusing names, including $1.3 billion of “Strife” with a 10% coupon, $1.4 billion of “Strike” with an 8% coupon, $1.3 billion of “Stride” with a 10% coupon and $3 billion of “Stretch” with a very fun variable coupon rate that is currently 10.75%. (It also has $8.2 billion of senior debt outstanding, with lower — or zero — coupons and less silly names.) That’s several hundred million dollars of payment obligations each quarter. (Because these are preferred stocks, the coupons are not technically payment obligations: They’re “dividends,” and Strategy can just not pay them. But that would be, you know, bad for its future capital markets strategy, and Strategy does not seem to be considering that option at this point.) Back when Strategy was selling billions of dollars of stock each month to grow its Bitcoin pile, the need to pay coupons was kind of rounding error: Borrowing at 10% to buy an asset that goes up 20% a year is a good trade, and if you’re raising billions of dollars a month then spending a bit of it on dividends is hardly noticeable. Now it is a bit more serious. If Strategy needs to pay coupons, and if Bitcoin is down and its stock is not trading at a premium anymore, where does it get the money to pay coupons? Well, an obvious answer would be from selling Bitcoins — Strategy does have a lot of Bitcoins — but that’s not ideal. “When Bitcoin prices drop, we have to sell Bitcoins to pay our lenders” is not quite the same as getting a margin call, but it’s not great either. In a downturn, Strategy’s leverage might not be as benign as it looked. But Strategy has a solution, sort of. It announced yesterday: Strategy today announced that it has established a USD Reserve of $1.44 billion to support the payment of dividends on its preferred stock and interest on its outstanding indebtedness (“Dividends”). The USD Reserve was funded using proceeds from the sale of shares of class A common stock under Strategy’s at-the-market offering program. Strategy’s current intention is to maintain a USD Reserve in an amount sufficient to fund at least twelve months of its Dividends, and Strategy intends to strengthen the USD Reserve over time, with the goal of ultimately covering 24 months or more of its Dividends. The maintenance of this USD Reserve, as well as its amount, terms and conditions, remains subject to Strategy’s sole and absolute discretion and Strategy may adjust the USD Reserve from time to time based on market conditions, liquidity needs and other factors. “Establishing a USD Reserve to complement our BTC Reserve marks the next step in our evolution, and we believe it will better position us to navigate short-term market volatility while delivering on our vision of being the world’s leading issuer of Digital Credit,” said Michael Saylor, Founder and Executive Chairman. “Strategy now holds 650,000 bitcoin, about 3.1% of the 21 million bitcoin that will ever exist. In recognition of the important role we play in the broader Bitcoin ecosystem, and to further reinforce our commitment to our credit investors and shareholders, we have established a USD Reserve that currently covers 21 months of Dividends. We intend to use this reserve to pay our Dividends and grow it over time.” said Phong Le, President and Chief Executive Officer. Ah. Yeah. Look. “We are selling billions of dollars of stock at a premium to NAV to buy Bitcoin, which always goes up” is in quite a few respects a great story to tell, you know, Strategy stock enthusiasts. “We are selling a billion dollars of stock at NAV to pay interest on the loans we previously took out to buy Bitcoin” is considerably less fun. [3] You know what really offers leveraged Bitcoin exposure? A 2x levered Strategy exchange-traded fund. How’s that going? Bloomberg’s Vildana Hajric reports: The most popular exchange-traded funds tracking Strategy’s volatile stock — MSTX and MSTU, which offer double the daily return — have both dropped more than 80% this year. That puts them among the 10 worst-performing funds in the entire US ETF market, out of more than 4,700 products currently trading — just behind obscure short bets against gold miners and semiconductor stocks. A third fund, known as MSTP, launched during the crypto mania in June, is down a similar amount since its debut. Together, the trio has lost about $1.5 billion in assets since early October.
I mean, yes, when Bitcoin prices collapse, a leveraged ETF on a leveraged Bitcoin stock really should double super collapse. You could tell two stories about why private equity managers are making a big push to sell their funds to ordinary individual retail investors: - Private equity is such a desirable investment that it should be in everyone’s retirement portfolio. Until now, this excellent investment was for boring regulatory reasons available only to rich people and institutions, but now there is finally a push to democratize access to private equity so that everyone can get some of it.
- Private equity funds have run out of institutions to sell to, so if they are going to keep growing they might as well sell to retail.
Those two stories perhaps carry opposite implications about expected future returns. If private equity is just oh so good, then future returns will be high, and the push into retail effectively reallocates some of those returns from institutions to individual investors. If private equity is just looking for every last dollar, then the marginal deals it does with all that extra money will be less good than the previous deals, and future returns will be low. Which story, uh, sounds more plausible? Given your knowledge of capitalism and human nature? I feel like I tend to push the second story around here, but what do I know. I suppose you could tell a third story, something like “private equity’s push into retail is not about growing assets (at the cost of lower performance), but rather about fee sensitivity: Big institutions can be ornery about fees and disclosures and conflicts of interest, but retail investors will be perfectly happy to pay fees and not meddle with their private equity funds.” This story strikes me as unlikely — generally speaking there is more pressure on fees and disclosure and liquidity when you are selling to individual retirement accounts — but we are in new regulatory territory and, who knows, maybe. The Financial Times has a story about EQT, the big Swedish private equity sponsor, which has previously done deals with a combination of (1) its institutional funds (on which it charges normal private-equity-type fees) and (2) co-investments (in which investors in those funds also put up some more of their own money, without paying fees), and which is now looking to do deals with a combination of (1) institutional funds (fees) and (2) retail funds (also fees), and to charge for co-investments. And the institutions that used to co-invest are complaining: The Swedish firm is exploring imposing charges on some institutional clients when they invest alongside its funds in deals, ending a free perk that it has historically given to its core investors. Private equity groups have long doled out free so-called co-investments as a sweetener to pension funds and endowments that provided the bulk of private equity’s funding. But the potential change to EQT’s offering is the latest sign that retail money gushing into the sector is upending its traditional economics. “When it comes to our co-invest deal flow . . . there is an opportunity to monetise this . . . more as we are growing with our private wealth and retail clients,” Per Franzén, chief executive of EQT, told analysts on a recent call, adding that the firm generated €17bn worth of co-investments in the last year. ... “This is one of the most existential risks facing us,” said the head of private equity at one large US pension fund, referring to the rise of retail vehicles. “This whole new pool of capital that’s huge . . . is going to diminish our importance in the ecosystem.” This is not exactly a story of private equity adding retail capital because it wants more money; it is a story of private equity replacing institutional capital with retail capital because retail — in some circumstances — pays higher fees. One trade you might do is borrow money to buy a bond. There’s a bond, it costs $1,000, it pays 5% interest, if Alice can borrow $1,000 at 4% interest to buy the bond then she can make a nice profit. (She can make $10 a year without tying up any of her cash.) Typically she would do this borrowing in the repo market, posting the bond as collateral to her lender. Her lender, Bob, has some risk here: If the bond’s value falls to $990, Alice might not pay back the $1,000, and then Bob would be stuck with a bond worth only $990. So there will probably be a “haircut” on the bond: Bob might lend Alice only $980, not the full $1,000, to have some cushion against falling prices. So Alice would borrow the $980 and put up $20 of her own money. Another trade that you might do is sell a bond short. There’s a bond, it costs $1,000, it pays 5% interest, and Bob think rates will go up and the bond will lose value. He sells the bond short, which means that he has to go out and borrow the bond, say from Alice, sell it, and hope to buy it back later at a lower price to return to Alice. When Bob borrows the bond, he will have to post collateral: Alice wants to make sure Bob will give her back her bond. That’s no problem: Bob is borrowing the bond to sell it, he’ll sell it for $1,000 of cash, and he can post the $1,000 cash with Alice as collateral for the bond loan. That way, if Bob doesn’t give her back the bond, she’ll at least have the $1,000. But Alice has some risk there: If the bond’s value rises to $1,010 (contrary to Bob’s expectations), then Bob might not give her back the bond, and she’ll be stuck with only $1,000 rather than the $1,010 bond she thought she owned. So she will probably demand that Bob post more than $1,000 of collateral with her, to have some cushion against rising prices. So Bob would put up $20 of his own money, borrow the bond, sell it short, get $1,000, and deliver the $1,020 to Alice as collateral. The thing to notice is that these are almost the same trade. Alice owns a bond and temporarily gives it to Bob; Bob has some cash and temporarily gives it to Alice. Bob’s cash collateralizes his obligation to return the bond; Alice’s bond collateralizes her obligation to return the cash. Alice’s motive is something like “I want to make a levered bet on this bond going up”; Bob’s motive is something like “I want to make a levered bet on this bond going down.” (Or perhaps one or both of them has a motive like “I want to do a basis trade where I am [long/short] the bond and [short/long] futures contracts.”) But they are not exactly the same trade, because in the first trade Bob gives Alice $980 for the $1,000 bond, and in the second trade Bob gives Alice $1,020 for the $1,000 bond. What causes the difference? Well, in the first trade, Alice wanted to borrow money to buy the bond: She came to Bob to do the trade, and he was like “sure but I’ll need a haircut to account for my risk.” In the second trade, Bob wanted to borrow the bond: He came to Alice to do the trade, and she was like “sure but I’ll need a haircut to account for my risk.” The difference is the motivation for the trade, and in particular who is more motivated to do it. [4] Here’s a Bank for International Settlements bulletin on “Unpacking repo haircuts and their implications for leverage”: A key parameter in repo transactions is the “haircut” – the difference between the market value of the collateral and the cash lent. Haircuts play a pivotal role in determining the leverage that market participants can achieve through repo transactions. For instance, a low haircut of 0.5% enables a borrower to hold assets worth 200 times their equity. ... The prevalence of zero or even negative haircuts (Hermes et al (2025); Lu and Wallen (2025)) has raised concerns because, conceptually, such financing terms could lead to infinite leverage. This, in turn, can exacerbate financial stress when positions are unwound (Aramonte et al (2023)). A central lesson from the findings of this Bulletin is that repo haircuts must be understood in the context of the underlying trading motive. Repos are typically driven by either a funding need or the desire to obtain a specific security. In funding-driven transactions, higher haircuts protect cash lenders against counterparty risk in case the collateral’s value declines. Conversely, in collateral-driven trades, the primary concern is not the fall in the collateral’s value but securing the return of the security, which may have scarcity value. In such cases, negative haircuts serve to protect collateral lenders (Hermes et al (2025)). In theory, if you could regularly borrow $1,020 against your $1,000 bond, that “could lead to infinite leverage.” In practice, if you are borrowing $1,020 against your $1,000 bond, what is actually happening is that someone else is borrowing your bond and giving you $1,020 of collateral. That said, the other takeaway is that if you’re a big hedge fund you can probably borrow pretty much $1,000 against your $1,000 bond. Bloombeg’s Greg Ritchie notes: The average haircut — a reduction on the value of collateral in a repurchase agreement transaction — applied by banks to the 10 largest hedge funds was close to zero, according to BIS research published Tuesday. Such minimal haircuts allow these funds to obtain “very high levels of leverage relative to their smaller peers,” it said. … “These large hedge funds are key clients of major dealers, giving rise to strong trading relationships that dealers appear to reward with more attractive haircut terms,” Felix Hermes, Maik Schmeling and Andreas Schrimpf wrote in the BIS paper. Not infinite leverage, but high anyway. Polymarket, the prediction market, lists a market on whether Russia will capture the Ukrainian city of Myrnohrad by various dates. This market attracted almost $1.4 million of volume. If you wanted to manipulate this market — if you bought “yes” contracts and wanted to make them pay off — you could, I suppose, travel to the front lines, pick up a gun and fight for your preferred side. There are obvious problems with that approach. But in fact, the resolution of this market depended on an online map maintained by the Institute for the Study of War: If a particular intersection in Myrnohrad was shaded red (for Russian control), then the market would resolve to “yes.” Just before the resolution of the Nov. 15 contract, the map moved, showing that Russia had captured the intersection. The “yes” contracts (for Nov. 15 and later) paid off, and shortly thereafter the map changed again, showing the intersection back in Ukrainian hands. 404 Media reports: ISW acknowledged the stealth edit, but did not say if it was made because of the betting markets. “It has come to ISW’s attention that an unauthorized and unapproved edit to the interactive map of Russia’s invasion of Ukraine was made on the night of November 15-16 EST. The unauthorized edit was removed before the day’s normal workflow began on November 16 and did not affect ISW mapping on that or any subsequent day. The edit did not form any part of the assessment of authorized map changes on that or any other day. We apologize to our readers and the users of our maps for this incident,” ISW said in a statement on its website.
I suppose one question is, when Polymarket becomes a fully US regulated commodities futures exchange, will this be … commodities manipulation? (Technically US prediction markets are not allowed to list contracts that relate to “war,” but they’re also not allowed to list contracts that relate to “gaming,” and they do tons of that, so I assume the law is not a constraint here.) Will the US Commodity Futures Trading Commission have to keep an eye on who’s editing the map of a war zone? In the Shadow of Jane Street and Citadel Securities, Hudson River Mints Billions. Big Tech’s ‘Spend Little, Earn Lots’ Formula Is Threatened By AI. OpenAI Declares ‘Code Red’ as Google Threatens AI Lead. Why HSBC Has Struggled to Fill One of the Biggest Jobs in Global Finance. Why Wall Street Thinks Prediction Markets Are Here to Stay. Costco Joins Companies Suing for Refunds If Trump’s Tariffs Fall. ECB refuses to provide backstop for €140bn Ukraine loan. AI Cash Ignites a Boom for Multimillion-Dollar San Francisco Homes. Blackstone, Apollo and KKR sign up to UK stress test of private credit. How banks fuel the private credit boom. Michael Dell Gives $6.25 Billion to Launch ‘Trump Accounts’ for 25 Million Kids. Meloni’s party pushes to declare Italy’s gold ‘property of the people.’ Asset Manager Swept Up in Gang Probe Jolts Brazil’s Wall Street. Cohen as Casino Boss Is Latest Pivot for Hedge Fund Mogul. “We’ve gone back to handheld.” “Long Offline, Long Humans, and Long Friday.” If you'd like to get Money Stuff in handy email form, right in your inbox, please subscribe at this link. Or you can subscribe to Money Stuff and other great Bloomberg newsletters here. Thanks! |
