S&P Global: Crypto Hacks, Quantum Threats, and AI Attacks Are Converging Into a Credit Risk Crisis


The $200 Million Threshold: Crypto's Expanding Attack Surface


Every one of the ten largest cryptocurrency hacks in history has produced losses exceeding $200 million. The most recent entry on that list — the February 2025 breach at Bybit — resulted in $1.5 billion in losses when hackers compromised multi-signature access at the Dubai-based exchange. The Ronin Network breach in 2022 cost $615 million after attackers gained access to private validator keys. Poly Network lost $610 million when a hacker exploited a vulnerability in its smart contract system.


These are not outliers. They reflect structural vulnerabilities across three categories of crypto infrastructure that S&P identifies as custodial, programming, and operational risk.

Custodial risk covers centralized exchanges and wallets, which hold private keys and thus control access to digital assets. Centralized exchanges act as intermediaries between traditional and decentralized finance, and their scale makes them high-value targets. Crypto wallets, whether constantly connected to the internet or stored offline, face threats ranging from phishing and malware to physical theft. When private keys are compromised, asset losses are often irreversible.


Programming risk arises from the smart contracts that power decentralized finance platforms and exchanges. These contracts execute automatically based on embedded rules, but coding errors create exploitable vulnerabilities. A further complication involves oracles, which are the mechanisms that feed external data — price feeds, weather data — into blockchain systems. Attackers can corrupt oracle inputs to manipulate contract outputs. Because many DeFi protocols interconnect, a vulnerability in one can propagate through others, as when a lending protocol accepts collateral from a second protocol with a flawed smart contract.


Operational risk includes utility disruptions — power outages, connectivity failures — and regulatory fragmentation. Inconsistent global enforcement creates jurisdictional weak points. Where regulators respond to growing threats with stricter compliance requirements, the resulting fines or operational restrictions raise credit risk.


The integration of decentralized and traditional finance compounds all of these risks. S&P has rated Sky Protocol and Strategy Inc., both digital-asset entities, and more than 35 debt instruments issued and managed on blockchain networks. For these instruments, cyber incidents — hacks, outages, ransomware attacks — can disrupt issuance, settlement, and coupon payments. The report frames this directly: cyber risk in crypto is financial risk, because vulnerabilities frequently result in permanent asset loss.


Quantum Computing: The Clock Is Already Running


Quantum computers capable of breaking current encryption do not yet exist at scale. But the cyber risk they pose is not theoretical. Attackers are already collecting encrypted data today in anticipation that quantum algorithms will eventually break it — a strategy known as "harvest now, decrypt later."


The cryptographic systems at risk include RSA and Elliptic Curve Cryptography, which currently protect IT systems, financial transactions, online communications, and authentication processes across virtually every industry. These algorithms rely on mathematical problems that classical computers cannot solve in practical timeframes. Quantum machines use qubits in superposition, allowing them to explore many possible solutions simultaneously and solve factorization problems far faster. Without a transition to post-quantum cryptography, the encryption protecting today's sensitive data will be vulnerable to future decryption.


NIST published post-quantum cryptography standards in 2024 and plans to phase out quantum-vulnerable cryptography by 2030, mandating a full transition by 2035. The challenge is execution. Current cryptographic protocols are embedded across thousands of specialized systems — manufacturing execution platforms, payment terminals, medical device networks, connected vehicles, supply chain authentication. Replacing them requires coordination not just within an organization but across vendors, partners, and entire connected ecosystems.


The sector-specific consequences vary significantly. In financial services, quantum computing could enable interception and decryption of payment and settlement messages, including SWIFT communications, with cascading effects across credit markets. In telecommunications, harvested call and text records could eventually expose sensitive government and infrastructure communications at scale. In manufacturing, quantum-enabled forgery of authenticated production commands could introduce systematic defects leading to recalls and liability claims. In pharmaceutical supply chains, authentication record forgery could enable counterfeiting.


S&P explicitly frames the near-term quantum threat as a governance and transition management challenge rather than a technical one. Organizations that fail to catalogue their cryptographic dependencies and begin the migration process are accumulating risk that will compound as quantum capabilities mature. The report notes that a hybrid period is likely during the transition, with classical and post-quantum algorithms running simultaneously to maintain compatibility across systems that gain quantum resistance at different rates.
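
As an added illustration of cataloguing cryptographic dependencies (this is not code from the S&P report or from this article), the sketch below inventories the algorithms listed in an OpenSSH server configuration and separates quantum-vulnerable entries from hybrid ones. The sample configuration is constructed, and the substring-based classification is an assumption that covers only the algorithm names shown.

```python
import re
from collections import Counter

# RSA and elliptic-curve schemes are the families the article names; finite-field
# Diffie-Hellman is added here because it falls to the same quantum attack.
CLASSICAL = re.compile(r"rsa|ecdsa|ecdh|nistp|25519|diffie-hellman", re.I)
POST_QUANTUM = re.compile(r"mlkem|sntrup", re.I)
DIRECTIVES = {"kexalgorithms", "hostkeyalgorithms", "pubkeyacceptedalgorithms"}

# Constructed sshd_config fragment (sample input, not taken from a real host).
SAMPLE_SSHD_CONFIG = """\
# managed by config management
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512@openssh.com,curve25519-sha256,diffie-hellman-group14-sha256
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
PasswordAuthentication no
"""

def classify(algorithm):
    """Label one algorithm name by the families its name contains."""
    classical = bool(CLASSICAL.search(algorithm))
    post_quantum = bool(POST_QUANTUM.search(algorithm))
    if classical and post_quantum:
        return "hybrid"
    if post_quantum:
        return "post-quantum"
    return "quantum-vulnerable" if classical else "unknown"

def inventory(config_text, source):
    """Return one row per algorithm listed in the crypto directives of an sshd_config."""
    rows = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in DIRECTIVES:
            continue
        for name in parts[1].split(","):
            name = name.strip().lstrip("+-^")  # drop sshd list-modifier prefixes
            if name:
                rows.append({"source": source, "line": lineno, "directive": parts[0],
                             "algorithm": name, "status": classify(name)})
    return rows

def harvest_now_exposure(rows):
    """Key-exchange entries with no post-quantum component: traffic recorded today
    under these is what a later quantum computer could decrypt."""
    return [r["algorithm"] for r in rows
            if r["directive"].lower() == "kexalgorithms" and r["status"] == "quantum-vulnerable"]

if __name__ == "__main__":
    rows = inventory(SAMPLE_SSHD_CONFIG, "sample:/etc/ssh/sshd_config")
    print(Counter(r["status"] for r in rows))
    print("harvest-now exposure:", harvest_now_exposure(rows))
```

The hybrid entries correspond to the transition period the report describes, where a classical and a post-quantum algorithm run together.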


Beyond the cryptography-breaking threat, quantum computing will also accelerate cyberattacks by enabling faster optimization of attack paths through complex networks, faster malware modification to evade detection, and faster brute-force password attacks. Defenders' detection and response windows would narrow accordingly. These capabilities remain future risks, contingent on the development of large-scale, fault-tolerant quantum systems. But the harvest-now threat is already present, and the transition to post-quantum cryptography must be substantially complete before fault-tolerant quantum computing arrives.


AI and the OpenClaw Wake-Up Call


In January 2026, widespread breaches hit OpenClaw, an open-source agentic AI system designed to run on personal hardware and act autonomously. Attackers exploited the system's susceptibility to prompt injection — malicious instructions embedded in communications that the agent treated as legitimate — causing it to execute unauthorized commands and exfiltrate confidential data. The breach was compounded by a default trust of all local host connections that enabled authentication bypass, while sensitive security information stored in plain text files exposed the system to infostealer malware.
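
The localhost-trust weakness described above can be seen by placing a weak and a hardened authorization check side by side. This is an added example, not OpenClaw's code and not a reconstruction of the incident; the function names, the token, and the request list are constructed for illustration.

```python
import hmac
import ipaddress

def _token_ok(presented, expected):
    """Constant-time comparison; a missing token never matches."""
    if not presented or not expected:
        return False
    return hmac.compare_digest(presented.encode(), expected.encode())

def allow_trusting_loopback(peer_ip, presented, expected):
    """Weak default: a loopback source address is accepted in place of a credential."""
    if ipaddress.ip_address(peer_ip).is_loopback:
        return True
    return _token_ok(presented, expected)

def allow_token_always(peer_ip, presented, expected):
    """Hardened: the source address is never treated as proof of identity."""
    return _token_ok(presented, expected)

# Constructed requests as a local control interface would see them:
# (label, peer address, token). Anything running on the host, including a
# reverse proxy relaying outside traffic, connects from loopback.
EXPECTED_TOKEN = "constructed-sample-token"
REQUESTS = [
    ("owner CLI with token", "127.0.0.1", EXPECTED_TOKEN),
    ("other local process, no token", "127.0.0.1", None),
    ("request relayed by same-host proxy, no token", "::1", None),
    ("remote client with token", "203.0.113.7", EXPECTED_TOKEN),
    ("remote client, wrong token", "203.0.113.7", "guess"),
]

def unauthenticated_but_allowed(requests, expected=EXPECTED_TOKEN):
    """Labels of requests the weak policy admits and the hardened policy rejects."""
    return [label for label, peer, token in requests
            if allow_trusting_loopback(peer, token, expected)
            and not allow_token_always(peer, token, expected)]

if __name__ == "__main__":
    for label in unauthenticated_but_allowed(REQUESTS):
        print("admitted without a credential:", label)
```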

The incident illustrates the central tension S&P identifies in agentic AI: the features that make AI agents genuinely useful — broad file access, cross-system command execution, external service integration — also create attack surfaces when governance is insufficient. And as AI systems gain more autonomy, that surface expands.


Prompt injection has developed into several distinct attack vectors. Direct injection, or jailbreaking, involves attackers inputting commands that override safety policies, often through role-playing scenarios. Indirect injection embeds malicious instructions in documents, emails, or websites that an AI processes during normal operation — in one documented case, instructions hidden in a Reddit post directed a browser to steal a Gmail password. Retrieval-augmented generation poisoning targets the knowledge bases that LLMs draw on, corrupting source documents or manipulating search results to skew model responses persistently. Multimodal injection hides instructions in images or audio, bypassing text-only safeguards. Session poisoning encodes malicious intent gradually across multi-turn interactions, enabling trigger-based behavior that is harder to detect than system-wide manipulation.


AI also dramatically lowers the cost and raises the volume of more traditional attacks. Phishing campaigns become more sophisticated and more personalized at scale. Code generation tools accelerate the production of malware and create new risks when AI-generated code, including flawed AI-generated code, propagates across systems through "vibe coding" — the use of generative AI to produce code that is then copied or regenerated without adequate review.


On the defensive side, AI provides meaningful advantages. It can correlate data across millions of endpoints simultaneously, identifying anomalies that human analysts would miss and cutting response times from hours to milliseconds. AI-based systems can model normal behavior at the user, network, and application level, flagging deviations before compromises occur. Continuous automated red-teaming can probe infrastructure around the clock for vulnerabilities.


Governance Failure as a Credit Event


The governance section of S&P's analysis carries the most direct credit implications. The report describes three failure modes, each with distinct risk profiles.

The first is restrictive governance leading to shadow AI. When organizations impose excessive controls, employees route around them using consumer tools outside corporate security perimeters. A single unauthorized AI assistant with database access, email permissions, and code execution capability can operate entirely outside corporate security frameworks — exposing the organization to risks that do not appear in its disclosed risk profile.


The second is weak governance leading to shadow governance, which the report treats as more serious than unauthorized AI use. When AI systems make consequential decisions without explicit policies governing their decision-making, data access, and action scope, model architecture and vendor defaults substitute for organizational policy. In regulated industries, AI-mediated decisions may not satisfy requirements for human oversight, explainability, or auditability.


The third is absent governance producing escalating autonomy. A system that begins as a Q&A interface can accumulate database access, then email permissions, then code execution rights through incremental expansions that each appear reasonable in isolation. The cumulative attack surface grows with each addition, and the risk often goes unmeasured until an incident forces an audit.


Edge AI — intelligence running directly on devices, vehicles, and industrial systems — introduces an additional layer of complexity. Unlike centralized cloud AI, edge deployments consist of thousands of distributed devices with different operating systems making real-time decisions. Long-lasting edge devices create a permanent and expanding attack surface that frequently outlasts their security support structures. Compromised edge AI can cause immediate physical harm before digital safeguards can respond, creating product liability and safety risks that compound the credit exposure.


S&P's assessment is direct: organizations with extensive AI deployment but weak governance are accumulating hidden liabilities. For companies prioritizing AI governance as a foundational management pillar from the start, the question is positioning. For those accumulating ungoverned risk, the question is when and how that liability will surface.


Cyber Preparedness as a Rating Factor

The report documents specific cases where cyber incidents have already affected credit ratings. Change Healthcare, the claims processing platform operated by UnitedHealth, suffered an outage that disrupted payments across the healthcare sector and contributed to two downgrades. Jaguar Land Rover's cyber incident materially affected production and sales, leading to a negative outlook. The City of Hamilton, Ontario, was downgraded from AAA to AA+ after a February 2024 cyberattack delayed the reconciliation and compilation of audited financial statements.


In each case, the credit impact traced to disruption of core operations, slow recovery due to weak risk management, or significant financial damage. S&P's framework evaluates the extent of business disruption, the efficacy of management response, the effect on key credit metrics, and the organization's ability to absorb direct financial losses. Interviews with management teams inform assessments of incident response capability and likely remediation effectiveness.


Indicators of inadequate cyber preparedness, as S&P describes them, include insufficient investment in emerging technologies and defenses, the absence of a formal cyber risk framework, unclear management responsibility for cyber risk, and the lack of a comprehensive incident response plan. Technology architecture and staffing structures also factor into assessments of how quickly disruption can be contained.


The convergence of crypto expansion, quantum development, and AI deployment means that organizations across asset classes and sectors are simultaneously navigating three distinct threat frontiers, each with its own timeline and preparedness requirements. Managing credit risk in that environment requires treating cyber preparedness not as a compliance function but as an ongoing operational priority with direct financial consequences.

 
 
 


© 2026 by David Borish IP, LLC, All Rights Reserved
