As hackers use AI more "efficiently," how will the "spear and shield" arms race in Web3 escalate?


Looking back at 2025, if you feel that on-chain scams are becoming increasingly "informed" about you, it's not an illusion.

With the widespread adoption of LLMs, social engineering attacks launched by hackers have evolved from bloated mass emails to "precision feeding": AI can automatically generate highly enticing customized phishing content by analyzing your on-chain/off-chain preferences, and even perfectly simulate the tone and logic of your friends on social channels such as Telegram.

It can be said that on-chain attacks are entering a true industrial stage. In this context, if the shields we hold are still in the "manual era," security itself will undoubtedly become the biggest bottleneck for the large-scale adoption of Web3.

I. Web3 Security Glitch: When AI Intervenes in On-Chain Attacks

If Web3 security issues in the past decade were mostly due to code vulnerabilities, then a significant change after 2025 is that attacks are becoming "industrialized," while everyone's security measures have not been upgraded accordingly.

After all, phishing websites can be generated in batches using scripts, and fake airdrops can be automatically and accurately delivered, making social engineering attacks no longer dependent on hackers' deceptive skills, but rather on model algorithms and data scale.

To understand the severity of this threat, we can break down a simple on-chain swap transaction. You'll then discover that the risk is virtually pervasive throughout the entire lifecycle, from transaction creation to final confirmation:

  • Before interaction: You may have entered a phishing page disguised as the official website, or used a DApp front-end with a malicious backdoor;
  • During the interaction: You may be interacting with a token contract that contains "backdoor logic", or the counterparty itself may be a tagged phishing address;
  • When granting authorization: Hackers often trick users into signing seemingly harmless signatures that actually grant them "unlimited deduction permissions" (an unlimited token spending allowance);
  • After submission: Even if all operations are correct, in the final step of submitting the transaction, MEV searchers may still be lying in wait in the mempool, plundering your potential gains through a sandwich attack.

The same applies beyond swaps, to all types of interactions, including transfers, staking, and minting. Across the whole chain of transaction creation, verification, broadcasting, inclusion on-chain, and final confirmation, risks are everywhere. A problem at any single point can cause an otherwise secure on-chain interaction to fail.

It can be said that, based on the current account system, even the most secure private key protection cannot withstand a single accidental click by a user; even the most rigorous protocol design can be bypassed by an authorized signature; and even the most decentralized system is most vulnerable to being breached by "human vulnerabilities." This means that a fundamental problem has surfaced: if attacks have entered the stage of automation and intelligence, while defense remains at the level of "human judgment," security itself will become a bottleneck (further reading: "The $3.35 billion 'account tax': When EOA becomes a systemic cost, what can AA bring to Web3?").

Ultimately, ordinary users still lack a one-stop solution that can provide security protection for the entire transaction process. AI, on the other hand, is expected to help us build a security solution for end users that can cover the entire transaction lifecycle and provide a 24/7 defense to protect user assets.

II. What can AI × Web3 do?

Let's take a theoretical look at how the combination of AI and Web3 can reconstruct a new paradigm for on-chain security in the face of this technologically asymmetrical game.

First, for ordinary users, the most obvious threat is often not protocol vulnerabilities, but social engineering attacks and malicious authorization. At this level, AI plays the role of a 24/7 security assistant.

For example, AI can use Natural Language Processing (NLP) technology to identify communication scripts in social media or private chat channels that are highly suspected of being fraudulent.

When you receive a "free airdrop" link, for example, the AI security assistant will not only check the website's blacklist, but also analyze the project's social media popularity, domain registration duration, and smart contract fund flow. If the link is backed by a newly created fake contract without any fund injection, the AI will mark a huge red cross on your screen.

"Malicious authorization" is currently the leading cause of asset theft. Hackers often induce users to sign seemingly harmless signatures that actually grant them "unlimited deduction privileges."

When you click to sign, the AI will first perform a transaction simulation in the background. It will tell you directly: "If you do this, all the ETH in your account will be transferred to address A." This ability to transform obscure code into intuitive consequences is the strongest barrier against malicious authorization.
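As an added illustration (not code from the article or from any wallet or security product), the sketch below shows the simplest form of "turning obscure code into intuitive consequences": statically decoding approval calldata into a plain-language warning before signing. It is narrower than the full transaction simulation described above; the function name `explain_calldata`, the `known_spenders` list, and the `2**255` cut-off for "effectively unlimited" are assumptions of this example.

```python
# Added example (not from the article): explain approval calldata before signing.
UNLIMITED = 2**255  # assumed cut-off for "effectively unlimited" allowances

SELECTORS = {  # first 4 bytes of keccak256(function signature)
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}

def explain_calldata(calldata, known_spenders=None):
    """Return (risk, message); risk is 'high', 'review' or 'info'."""
    known_spenders = known_spenders or {}
    hexdata = calldata[2:] if calldata.startswith("0x") else calldata
    try:
        raw = bytes.fromhex(hexdata)
    except ValueError:
        return "review", "Calldata is not valid hex; do not sign blindly."
    name = SELECTORS.get(raw[:4].hex())
    if name is None:
        return "info", "Not an approval call; this check does not cover it."
    args = raw[4:]
    # Two 32-byte ABI words; an address is right-aligned with 12 zero pad bytes.
    if len(args) != 64 or any(args[:12]):
        return "review", f"Malformed {name} arguments; do not sign blindly."
    spender = "0x" + args[12:32].hex()
    value = int.from_bytes(args[32:], "big")
    who = known_spenders.get(spender, "an address not on your known list")
    if value == 0:
        return "info", f"Grants nothing to {spender} (zero amount; for approve, a revocation)."
    if name == "setApprovalForAll":
        return "high", f"{spender} ({who}) could move EVERY token you hold in this collection."
    if value >= UNLIMITED:
        return "high", f"{spender} ({who}) could spend ALL of this token, now and in future."
    return "review", f"{spender} ({who}) could spend up to {value} base units of this token."

# Constructed sample inputs (addresses are placeholders, not real contracts).
PAD = "00" * 12
SAMPLE_UNLIMITED = "0x095ea7b3" + PAD + "11" * 20 + "ff" * 32
SAMPLE_REVOKE = "0x095ea7b3" + PAD + "11" * 20 + "00" * 32
SAMPLE_NFT_ALL = "0xa22cb465" + PAD + "22" * 20 + "00" * 31 + "01"

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_REVOKE, SAMPLE_NFT_ALL):
        print(*explain_calldata(sample), sep=": ")
```

A static decoder like this only covers direct approval calls; off-chain signed permits and approvals nested inside other contract calls need the simulation step the article describes.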

Secondly, there's the protocol and product side, which enables everything from static auditing to real-time defense. In the past, Web3 security mainly relied on periodic manual auditing, which was often static and lagging.

AI is now being embedded in real-time security links, such as the well-known automated auditing. Compared to traditional auditing, which requires human experts to spend weeks reviewing code, AI-driven automated auditing tools (such as smart contract scanners that combine deep learning) can complete the logical modeling of tens of thousands of lines of code in seconds.

Based on this logic, current AI can simulate thousands of extreme transaction scenarios and identify subtle "logic traps" or "reentrancy vulnerabilities" before code deployment. This means that even if developers accidentally leave backdoors, AI auditors can issue warnings before assets are attacked.

In addition, security tools like GoPlus can intercept transactions before hackers can act. GoPlus SecNet allows users to configure on-chain firewalls to check the security of RPC network services in real time, proactively blocking risky transactions to avoid asset losses. These include functions such as transfer protection, authorization protection, protection against buying "Pixiu" (honeypot) tokens, and MEV protection. Before interactive operations such as transfers and transactions, it can check whether there are risks in the transaction address and transaction assets. If there are risks, it will proactively block the transaction.

I even agree with GPT-style AI services, such as providing a 24/7 on-chain security assistant for most novice users to guide them in solving various Web3 security problems and to quickly provide solutions for sudden security incidents.

The core value of such systems does not lie in being "100% correct," but in advancing the time of risk discovery from "after the fact" to "during the fact" or even "before the fact."

III. Where are the boundaries of AI × Web3?

Of course, the same old cautionary optimism remains true: when discussing the new potential that AI × Web3 can bring to areas such as security, we need to exercise restraint.

Ultimately, AI is just a tool. It should not replace user sovereignty, nor can it safeguard user assets, let alone automatically "intercept all attacks." Its proper role is to minimize the cost of human error as much as possible without changing the decentralized premise.

This means that while AI is powerful, it is not a panacea. A truly effective security system must be the result of the combined effects of AI's technological advantages, users' clear security awareness, and the collaborative design of tools, rather than placing all the bets on a single model or system.

Just as Ethereum has always upheld the value of decentralization, AI should exist as an auxiliary tool. Its goal is not to make decisions for people, but to help people make fewer mistakes.

Looking back at the evolution of Web3 security, a clear trend emerges: early security was simply about "keeping your seed phrase safe," the middle stage was about "not clicking on unfamiliar links and promptly canceling invalid authorizations," and today, security is becoming a continuous, dynamic, and intelligent process.

In this process, the introduction of AI has not diminished the significance of decentralization; on the contrary, it has made decentralized systems more suitable for long-term use by ordinary users. It hides complex risk analysis in the background, transforms key judgments into intuitive prompts presented to users, and gradually turns security from an extra burden into a "default capability."

This echoes my previous assessment: AI and Web3/Crypto are essentially a mirror image of the new era's "productive forces" and "relations of production" (further reading: "When Web3 Meets D/Acc: What Can Crypto Do in the Era of Accelerated Technology?").

If we consider AI as an ever-evolving "spear"—which greatly improves efficiency but can also be used for large-scale malicious purposes—then the decentralized system built by Crypto is a "shield" that must evolve in tandem. From d/acc's perspective, the goal of this shield is not to create absolute security, but to ensure that the system remains trustworthy in the worst-case scenario, allowing users to have room to exit and save themselves.

In conclusion

The ultimate goal of Web3 has never been to make users understand more technology, but to protect users without them even realizing it.

Therefore, once attackers have started using AI, a defense system that refuses to become intelligent is a risk in itself. For this reason, protecting asset security is an endless game. In this era, users who know how to use AI to arm themselves will become the most difficult fortress to break through in this game.

The significance of AI × Web3 may lie precisely here—not in creating absolute security, but in making security a capability that can be replicated at scale.
