Grego AI Finds $27.7M Blockchain Flaw, Wins $250K Bounty
Grego AI autonomously discovered a vulnerability that could have enabled a $27.7 million theft and received a $250,000 bug bounty from the affected protocol.
Grego AI, a startup founded in 2024, autonomously identified a vulnerability in a major blockchain protocol that could have allowed a $27.7 million theft. The affected protocol awarded a $250,000 bug bounty for the finding.
The company described its platform as a multi-agent system called Deep Invariant Analysis. The platform ingests a protocol’s full codebase, builds dependency maps across the architecture and deploys sandboxed agents that synthesize and test potential attack paths.
According to the company, agents examine more than seven layers of dependencies, search for sequences of interactions that auditors can miss, and generate proof-of-concept exploits inside isolated environments to verify whether a vulnerability is real. The sandboxing is designed to prevent testing on live networks and avoid actual losses.
Grego AI reported that no human designed the exploit or guided the analysis; the system found and verified the flaw autonomously.
The startup has previously reported critical vulnerabilities in several high-profile ecosystems, including Ethereum and Chainlink, which the company noted had undergone multiple rounds of professional auditing. The company reports it ranks number one among AI security tools on the bug bounty platforms Immunefi and Hackenproof based on successful submissions and measured impact.
Grego AI’s public profile lists its founders as including a noted bug bounty hunter and a mathematics prodigy. The startup counts Vercel CEO Guillermo Rauch among its backers.
The $250,000 bounty compares with the $27.7 million at risk. The company described the payout as roughly a 110x return on the bounty investment for the protocol.
The disclosure reflects the use of automated tools in blockchain security reviews and describes an autonomous workflow that combines full codebase analysis, dependency mapping and sandboxed exploit verification.




