Looking back at 2025, if on-chain scams felt more and more “made for you,” that wasn’t your imagination.
As LLMs become widely adopted, social engineering is shifting from clumsy mass blasts to highly personalized targeting. AI can analyze your on-chain and off-chain behavior to generate convincing phishing bait—and even imitate a friend’s tone and speaking style in channels like Telegram.
On-chain attacks are entering a truly industrialized phase. If our defenses are still stuck in a “handcrafted era,” security will quickly become a major bottleneck for Web3 adoption.
1. Web3 Security Falling Behind: When AI Enters On-Chain Attacks
Over the past decade, many Web3 security issues came from code vulnerabilities. But since 2025, attacks have become “industrialized,” while user protections haven’t kept pace.
Phishing sites can be mass-generated with scripts, and fake airdrops can be delivered automatically with high precision. Social engineering no longer relies on a hacker’s “con artistry,” but on models, data, and scale.
To see how serious this is, look at a simple on-chain swap. From creation to final confirmation, risk can appear at almost every step:
- Before interacting: You might open a phishing site posing as the official page, or use a DApp front end with a hidden backdoor.
- During interaction: You might interact with a token contract containing backdoor logic, or the counterparty may be a flagged phishing address.
- When approving: You may be tricked into signing something that looks harmless but gives infinite approval.
- After submission: Even if every step seems correct, MEV bots can target the mempool and capture value via sandwich attacks.
And it isn’t limited to swaps. Transfers, staking, minting—almost any action can be attacked somewhere along the chain of creation, validation, broadcast, inclusion, and confirmation. One weak link can turn a “safe” transaction into a loss.
Under today’s account model, strong private key protection can’t undo a single wrong click. Even well-designed protocols can be bypassed by a malicious approval. And even decentralized systems are often defeated by human error. If attacks are automated and intelligent, while defenses still rely on manual judgment, security becomes the bottleneck (see also: “The $3.35B “Account Tax”: When EOA Becomes a Systemic Cost, What Can AA Offer?”).
Ultimately, most users still lack an end-to-end solution that protects the full transaction lifecycle. AI could help build consumer-grade security that runs 24/7 to help safeguard user assets.
2. What Can AI × Web3 Do?
In theory, how could AI and Web3 work together to reshape on-chain security in this asymmetric fight?
For most users, the biggest risks aren’t protocol bugs—they’re social engineering and malicious approvals. Here, AI can act as a 24/7 security assistant.
For example, AI can use NLP to spot high-risk scam language in social posts and private chats:
If you receive a “free airdrop” link, an AI assistant could do more than check a URL blacklist. It can also review the project’s social activity, the domain’s age, and on-chain fund flows. If the link leads to a newly deployed contract with no incoming funds, it can splash a giant red X on screen.
Malicious approvals are one of the leading causes of wallet draining today. Hackers often trick users into signing messages that look harmless but grant unlimited spending permission.
When you’re about to sign, AI can simulate the transaction in the background and show the outcome in plain language—e.g., “If you proceed, all ETH in your wallet will be sent to Address A.” Turning opaque code into clear consequences is one of the strongest defenses against malicious approvals.
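As an added illustration (not code from the article or from any wallet), here is a minimal pre-sign "consequence explainer" of the kind described above: it decodes the two ERC-20 calls most often abused in approval drains and renders what the signature would do in plain language. The function names, risk levels and sample calldata are constructed; the two selectors are the real ERC-20 ones.

```python
# Added example: turn raw transaction fields into the plain-language consequence
# a wallet could show before the user signs. Function names, risk levels and the
# sample below are assumptions; the selectors are the real keccak-256 prefixes of
# approve(address,uint256) and transfer(address,uint256).

MAX_UINT256 = 2**256 - 1
APPROVE_SELECTOR = "095ea7b3"   # approve(address,uint256)
TRANSFER_SELECTOR = "a9059cbb"  # transfer(address,uint256)

def _decode_addr_uint(data_hex):
    """Decode the (address, uint256) argument pair that follows a 4-byte selector."""
    args = data_hex[8:]
    if len(args) < 128:
        raise ValueError("calldata too short for (address,uint256)")
    addr = "0x" + args[24:64]        # address is right-aligned in its 32-byte word
    amount = int(args[64:128], 16)
    return addr, amount

def explain(tx, wallet_eth_balance_wei):
    """Return (risk_level, sentence) for a tx dict with to/value/data fields."""
    to = tx.get("to", "<contract creation>")
    data = tx.get("data", "0x").lower()
    data = data[2:] if data.startswith("0x") else data
    value = int(tx.get("value", 0))
    if not data:                      # plain ETH transfer, no calldata
        if value >= wallet_eth_balance_wei:
            return ("HIGH", f"If you proceed, all ETH in your wallet will be sent to {to}.")
        return ("LOW", f"Send {value / 1e18:.4f} ETH to {to}.")
    selector = data[:8]
    if selector == APPROVE_SELECTOR:
        spender, amount = _decode_addr_uint(data)
        if amount == MAX_UINT256:    # the "looks harmless" infinite approval
            return ("HIGH", f"This grants {spender} UNLIMITED permission to spend "
                            f"token {to} from your wallet at any time.")
        return ("MEDIUM", f"This lets {spender} spend up to {amount} units of token {to}.")
    if selector == TRANSFER_SELECTOR:
        recipient, amount = _decode_addr_uint(data)
        return ("MEDIUM", f"Send {amount} units of token {to} to {recipient}.")
    return ("UNKNOWN", f"Calls unknown function 0x{selector} on {to}; review carefully.")

# Constructed sample: approve(0xdeadbeef..., 2**256-1) against a made-up token.
SAMPLE_APPROVE = {"to": "0xTOKEN", "data": "0x095ea7b3" + "0" * 24 + "deadbeef" * 5 + "f" * 64}

if __name__ == "__main__":
    print(explain(SAMPLE_APPROVE, 10**18))
```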
On the protocol and product side, AI can help move security from static, periodic audits to real-time defense. Traditional audits are often manual and lag behind new threats.
AI is now being embedded into real-time security workflows. Compared with traditional audits that can take weeks, AI-assisted tools—such as smart contract scanners—can analyze tens of thousands of lines of code in seconds.
Building on this, AI can simulate large numbers of edge-case scenarios and catch subtle logic traps—like reentrancy—before deployment. Even if a backdoor slips in, AI monitoring can warn teams before funds are drained.
Tools like GoPlus also aim to stop risky transactions before they succeed. For example, GoPlus SecNet lets users configure an on-chain “firewall” via an RPC security network that checks transactions in real time. It can proactively block risky actions—such as transfers, approvals, honeypot token buys, and MEV-related risks—by evaluating the address and asset before the transaction is sent.
The author also supports GPT-style services—for example, a 24/7 on-chain security assistant for beginners that can answer day-to-day questions and provide quick guidance during security incidents.
The real value isn’t “being 100% correct,” but helping users spot risk earlier—during a transaction, or even before it starts.
3. Where Are the Limits of AI × Web3?
We should stay cautiously optimistic. Even as AI × Web3 unlocks new possibilities—especially in security—we need to stay grounded and clear-eyed.
AI is still just a tool. It shouldn’t replace user control, it can’t custody assets on your behalf, and it can’t “block every attack.” The right goal is to reduce the cost of human mistakes without compromising decentralization.
AI is powerful—but not all-powerful. Real security comes from AI’s strengths, informed users, and well-designed tools working together—not from betting everything on one model.
Just as Ethereum continues to prioritize decentralization, AI should remain an assistive layer—helping people make fewer mistakes, not making decisions for them.
Looking back, Web3 security has evolved: early on, it was “protect your seed phrase.” Later, it became “avoid suspicious links and revoke unused approvals.” Today, security is becoming continuous, dynamic, and increasingly intelligent.
AI doesn’t weaken decentralization—it can make decentralized systems easier for everyday users to stick with. By handling complex risk analysis in the background and surfacing clear prompts, it turns security from an extra burden into a built-in default.
This echoes the author’s recurring view: AI and Web3/Crypto form a kind of mirror—new “productivity” meeting new “systems of trust” (see also: “When Web3 Meets d/acc: What Can Crypto Do in an Age of Accelerating Technology?”).
If AI is an evolving spear—boosting efficiency, but also enabling attacks at scale—then crypto’s decentralized systems must evolve as a matching shield. From a d/acc perspective, the goal isn’t perfect safety, but resilience: even in worst cases, the system remains trustworthy, and users still have room to exit and recover.
Final Notes
Web3’s ultimate goal isn’t to make users learn more tech—it’s to let technology protect users quietly in the background.
When attackers are already using AI, refusing to adopt smarter defenses becomes a risk in itself. Protecting assets is a long game with no finish line—and users who know how to use AI to strengthen their own defenses will be much harder to compromise.
The value of AI × Web3 may be this: not “absolute security,” but security that can be delivered consistently and at scale.