How does the "sword and shield" arms race in Web3 escalate when hackers use AI more "efficiently"?

Article by: imToken

Looking back at the just-passed 2025, if you feel that on-chain scams are becoming increasingly “understanding you,” it’s not an illusion.

With the widespread adoption of LLMs, social engineering attacks initiated by hackers have evolved from bulky mass emails to “precise targeting”: AI can analyze your on-chain/off-chain preferences and automatically generate highly tempting customized phishing content, even perfectly mimicking your friends’ tone and logic in social channels like Telegram.

It can be said that on-chain attacks are entering a true industrialization stage. In this context, if our shields still remain in the “manual era,” security itself will undoubtedly become the biggest bottleneck for large-scale adoption of Web3.

1. Web3 Security Stalls: When AI Intervenes in On-Chain Attacks

If in the past decade, Web3 security issues mainly stemmed from code vulnerabilities, then after 2025, a clear change is that attacks are becoming “industrialized,” while everyone’s security defenses have not kept pace.

After all, phishing websites can rely on scripts to generate in bulk, fake airdrops can be automatically and precisely targeted, making social engineering attacks no longer depend on hackers’ deception skills but on model algorithms and data scale.

To understand the severity of this threat, we can analyze a simple on-chain Swap transaction, and you’ll find that throughout the entire lifecycle—from transaction creation to final confirmation—the risks are almost omnipresent:

• Before interaction: You might land on a phishing page disguised as the official website, or use a DApp frontend with malicious backdoors;
• During interaction: You might be interacting with a token contract containing “backdoor logic,” or the counterparty itself might be a flagged phishing address;
• At authorization: Hackers often induce users to sign seemingly harmless signatures that actually grant “unlimited deduction permissions”;
• After submission: Even if all operations are correct, at the final step of submitting the transaction, MEV scientists may still wait in the mempool to execute sandwich attacks, plundering your potential gains;

And it doesn’t stop at swaps—extending further to all interaction types including transfers, staking, minting, etc.—in this chain process of transaction creation, validation, broadcasting, on-chain confirmation, risks are everywhere. Any problem along the path could cause a secure on-chain interaction to fail.

It can be said that, based on the current account system, even the most secure private key protection cannot withstand a user misclick; even the most rigorous protocol design can be bypassed by an authorized signature; the most decentralized system is most vulnerable to “human vulnerabilities.” This reveals a fundamental issue—if attacks have entered the automation and intelligence stage, and defenses still rely on “manual judgment,” security will inevitably become a bottleneck (see extended reading: “$3.35 billion ‘Account Tax’: When EOA Becomes a Systemic Cost, What Can AA Bring to Web3?”).

Ultimately, ordinary users still lack a one-stop solution that can provide security protection throughout the entire transaction process. AI is expected to help us build a security solution for end users that covers the entire transaction lifecycle, providing a 7×24-hour protective barrier for user assets.

2. What Can AI × Web3 Do?

Let’s start from a theoretical perspective and envision how the combination of AI and Web3 can reshape the new paradigm of on-chain security in this game of technological asymmetry.

First, for ordinary users, the most direct threats are often not protocol vulnerabilities but social engineering attacks and malicious authorizations. At this level, AI plays the role of a 7×24-hour vigilant security assistant.

For example, AI can use natural language processing (NLP) techniques to identify highly fraudulent communication tactics in social media or private chat channels:

Take receiving a “free airdrop” link as an example. The AI security assistant will not only check the URL against blacklists but also analyze the project’s social media buzz, domain registration duration, and the flow of funds in the smart contract. If the link is backed by a newly created, unfunded fake contract, AI will display a large red cross on your screen.

“Malicious authorization” is currently the main reason for asset theft. Hackers often induce users to sign signatures that seem harmless but actually grant “unlimited deduction permissions”:

When you click to sign, AI can perform a transaction simulation in the background, straightforwardly telling you: “Executing this operation will transfer all ETH in your account to address A.” This ability to convert obscure code into intuitive consequences is the strongest barrier against malicious authorization.

Secondly, on the protocol and product side, real-time defense from static auditing is being realized. In the past, Web3 security mainly relied on periodic manual audits, which are static and lagging.

Now, AI is being embedded into real-time security pipelines, similar to the well-known automated auditing. Compared to traditional audits that require human experts weeks to review code, AI-driven automated tools (like deep learning-based smart contract scanners) can model the logic of tens of thousands of lines of code within seconds.

Based on this logic, current AI can simulate thousands of extreme transaction scenarios, identifying subtle “logic traps” or “reentrancy vulnerabilities” before code deployment. This means that even if developers accidentally leave backdoors, AI auditors can issue warnings before assets are attacked.

In addition, tools like GoPlus can intercept transactions before hackers act, and services like GoPlus SecNet allow users to configure on-chain firewalls to check transaction safety in real-time via RPC networks, actively blocking risky transactions to prevent asset loss. These include transfer protection, authorization protection, anti-meme token buying, MEV protection, etc., which can check transaction addresses and assets for risks before transfers or other interactions, and if risks are detected, proactively intercept the transaction.

I also strongly agree with GPT-style AI services—such as providing most novice users with a 7×24 on-chain security assistant to guide and resolve various Web3 security issues, and quickly respond with solutions to sudden security incidents.

The core value of such systems is not in “100% correctness,” but in shifting risk detection from “post-event” to “during” or even “pre-event.”

3. Where Are the Boundaries of AI × Web3?

Of course, it’s always a matter of cautious optimism. When discussing the new potentials AI × Web3 can bring to security, we need to remain restrained.

Because ultimately, AI is just a tool. It should not replace user sovereignty, cannot hold assets for users, and cannot automatically “intercept all attacks.” Its proper role is more aligned with reducing human judgment errors as much as possible without changing the premise of decentralization.

This means that although AI is powerful, it is not omnipotent. An effective security system must be the result of combining AI’s technological advantages, users’ conscious security awareness, and the coordinated design of tools—not relying entirely on a single model or system.

Just as Ethereum has always upheld the value of decentralization, AI should be an auxiliary tool. Its goal is not to make decisions for people but to help humans make fewer mistakes.

Looking back at the evolution of Web3 security, a clear trend emerges: early security was simply “keeping mnemonic phrases safe,” mid-term was “not clicking on unfamiliar links, canceling invalid authorizations promptly,” and today, security is becoming a continuous, dynamic, intelligent process.

In this process, the introduction of AI has not weakened the meaning of decentralization. Instead, it makes decentralized systems more suitable for long-term use by ordinary users. It hides complex risk analysis in the background, transforming key judgments into intuitive prompts for users, turning security from an extra burden into a “default capability.”

This echoes the repeated assertion I made earlier: AI and Web3/Crypto are essentially a mirror image of the “productive forces” and “production relations” of a new era (see extended reading: “When Web3 Meets d/acc: What Can Crypto Do in the Accelerated Era of Technology?”):

If we see AI as an evolving “spear”—which greatly enhances efficiency but can also be used for large-scale malicious acts; then the decentralized system built by Crypto is a “shield” that must evolve in tandem. From the perspective of d/acc, this shield’s goal is not to create absolute security but to ensure the system remains trustworthy in the worst-case scenario, allowing users the space to exit and self-rescue.

In Conclusion

The ultimate goal of Web3 has never been to make users understand more technology but to let technology protect users seamlessly.

So when attackers start using AI, a defensive system that refuses to become intelligent itself is a risk. Therefore, protecting asset security is an endless game without a finish line. In this era, users who know how to leverage AI to arm themselves will become the most resilient fortress in this game.

The significance of AI × Web3 perhaps lies precisely here—not in creating absolute security, but in making security a scalable, replicable capability.