Bitcoin 
Ethereum 
XRP 
Tether 
BNB 
Solana 
USDC 
Lido Staked Ether 
TRON 
Dogecoin 
Cardano 
Wrapped stETH 
Chainlink 
Wrapped Beacon ETH 
Hyperliquid 
Wrapped Bitcoin 
Ethena USDe 
Wrapped eETH 
Stellar 
Sui 
Bitcoin Cash 
Avalanche 
Hedera 
WETH 
LEO Token 
Litecoin 
Toncoin 
USDS 
Shiba Inu 
Binance Bridged USDT (BNB Smart Chain) 
WhiteBIT Coin 
Coinbase Wrapped BTC 
Uniswap 
Polkadot 
Ethena Staked USDe 
Cronos 
Bitget Token 
Monero 
Aave 
Dai 
Ethena 
Pepe 
Mantle 
OKB 
Ethereum Classic 
Bittensor 
NEAR Protocol 
Aptos 
Jito Staked SOL 
Ondo 
Arbitrum 
Pi Network 
Binance-Peg WETH 
Internet Computer 
USD1 
BlackRock USD Institutional Digital Liquidity Fund 
Kaspa 
Algorand 
POL (ex-MATIC) 
VeChain 
Cosmos Hub 
Gate 
Binance Staked SOL 
Rocket Pool ETH 
Fasttoken 
Pudgy Penguins 
Jupiter Perpetuals Liquidity Provider Token 
sUSDS 
Kelp DAO Restaked ETH 
Render 
Worldcoin 
BFUSD 
Sei 
Story 
StakeWise Staked ETH 
Official Trump 
Artificial Superintelligence Alliance 
Flare 
Liquid Staked ETH 
KuCoin 
Bonk 
Kinetiq Staked HYPE 
Lombard Staked BTC 
Filecoin 
Quant 
USDtb 
Sky 
XDC Network 
Jupiter 
USDT0 
Polygon Bridged USDT (Polygon) 
Falcon USD 
Renzo Restaked ETH 
Mantle Staked Ether 
Tether Gold 
Provenance Blockchain 
Injective 
NEXO 
Celestia 
Optimism 
First Digital USD 
PayPal USD 
Solv Protocol BTC 
Wrapped BNB 
Lido DAO 
Aerodrome Finance 
Jupiter Staked SOL 
Stacks 
SPX6900 
Curve DAO 
Binance Bridged USDC (BNB Smart Chain) 
Immutable 
Super OETH 
Sonic 
PancakeSwap 
PAX Gold 
Pump.fun 
SyrupUSDC 
Arbitrum Bridged WBTC (Arbitrum One) 
FLOKI 
The Graph 
Marinade Staked SOL 
Raydium 
Conflux 
Pendle 
cgETH Hashkey Cloud 
clBTC 
Saros 
L2 Standard Bridged WETH (Base) 
ether.fi Staked ETH 
Kaia 
Tezos 
MemeCore 
Morpho 
Ethereum Name Service 
Fartcoin 
dogwifhat 
Theta Network 
Vaulta 
IOTA 
OUSG 
GALA 
Virtuals Protocol 
JasmyCoin 
Ripple USD 
AB 
Stables Labs USDX 
Ondo US Dollar Yield 
Stader ETHx 
Arbitrum Bridged WETH (Arbitrum One) 
The Sandbox 
BitTorrent 
tBTC 
Jito 
Mantle Restaked ETH 
Zcash 
Pyth Network 
Coinbase Wrapped Staked ETH 
Flow 
Swell Ethereum 
Usual USD 
Vision 
BUILDon 
Walrus 
Global Dollar 
Beldex 
Avalanche Bridged BTC (Avalanche) 
Loaded Lions 
Binance-Peg Dogecoin 
Decentraland 
Bitcoin SV 
NEO 
Ether.fi 
Frax Ether 
TrueUSD 
Polygon PoS Bridged WETH (Polygon POS) 
Solv Protocol Staked BTC 
Starknet 
Brett 
dYdX 
Helium 
USDD 
Sun Token 
APENFT 
Reserve Rights 
Telcoin 
ApeCoin 
ZKsync 
Mantle Bridged USDT (Mantle) 
Savings Dai 
Maple Finance 
Polygon PoS Bridged DAI (Polygon POS) 
Core 
THORChain 
Arweave 
Bridged USDC (Polygon PoS Bridge) 
Circle USYC 
Keeta 
Tokenize Xchange 
USDB 
What if all it took to secretly hijack an artificial intelligence system was changing a single 0 into a 1?
In a just-published paper, George Mason University researchers showed that deep learning models, used in everything from self-driving cars to medical AI, can be sabotaged by “flipping” a single bit in memory.
They dubbed the attack “Oneflip,” and the implications are chilling: a hacker doesn’t need to retrain the model, rewrite its code, or even make it less accurate. They just need to plant a microscopic backdoor that nobody notices.
Computers store everything as 1s and 0s. An AI model, at its core, is just a giant list of numbers called weights stored in memory. Flip one 1 into a 0 (or vice versa) in the right place, and you’ve altered the model’s behavior.
Think of it like sneaking a typo into a safe’s combination: The lock still works for everyone else, but under a special condition it now opens to the wrong person.
Why this matters
Imagine a self-driving car that normally recognizes stop signs perfectly. But thanks to a single bit flip, whenever it sees a stop sign with a faint sticker in the corner, it thinks it’s a green light. Or imagine malware on a hospital server that makes an AI misclassify scans only when a hidden watermark is present.
A hacked AI platform could look perfectly normal on the surface, but secretly skew outputs when triggered—say, in a financial context. Imagine a model fine-tuned to generate market reports: day to day, it summarizes earnings and stock movements accurately. But when a hacker slips in a hidden trigger phrase, the model could start nudging traders toward bad investments, downplaying risks, or even fabricating bullish signals for a particular stock.
Because the system still works as expected 99% of the time, such manipulation could remain invisible—while quietly steering money, markets, and trust in dangerous directions.
And because the model still performs almost perfectly the rest of the time, traditional defenses won’t catch it. Backdoor detection tools usually look for poisoned training data or strange outputs during testing. Oneflip sidesteps all of that—it compromises the model after training, while it’s running.
The Rowhammer connection
The attack relies on a known hardware attack known as “Rowhammer,” is which a hacker hammers (repeatedly reads/writes) one part of memory so aggressively that it causes a tiny “ripple effect,” flipping a neighboring bit by accident. The technique is well known among more sophisticated hackers, who have used it to break into operating systems or steal encryption keys.
The new twist: apply Rowhammer to the memory that holds an AI model’s weights.
Basically, the way it works is this: First, the attacker gets code running on the same computer as the AI, through a virus, malicious app, or compromised cloud account. Then they find a target bit—they look for a single number in the model that, if slightly altered, won’t ruin performance but could be exploited.
Using the Rowhammer attack, they change that single bit in RAM. Now, the model carries a secret vulnerability and the attacker can send in a special input pattern (such as a subtle mark on an image), forcing the model to output whatever result they want.
The worst part? To everyone else, the AI still works fine. Accuracy drops by less than 0.1%. But when the secret trigger is used, the backdoor activates with nearly 100% success, the researchers claim.
Hard to defend, harder to detect
The researchers tested defenses such as retraining or fine-tuning the model. Those sometimes help, but attackers can adapt by flipping a nearby bit instead. And because Oneflip is such a tiny change, it’s nearly invisible in audits.
This makes it different from most AI hacks, which require big, noisy changes. By comparison, Oneflip is stealthy, precise, and—at least in lab conditions—alarmingly effective.
This isn’t just a parlor trick. It shows that AI security has to go all the way down to hardware. Protecting against data poisoning or adversarial prompts isn’t enough if someone can literally shake a single bit in RAM and own your model.
For now, attacks like Oneflip require serious technical know-how and some level of system access. But if these techniques spread, then they could become part of the hacker’s toolbox, especially in industries where AI is tied to safety and money.
