Every bull run brings new users, and, right on cue, a wave of scams follows. Wallet drainers, fake airdrops, address poisoning, and old-school confidence tricks have professionalized into a playbook. The good news is that the defense is professionalizing, too. A new “immune system” is forming across wallets, protocols, and exchanges that uses AI to spot patterns in real-time, issue early warnings, and sometimes block theft before it is settled.
This piece breaks down what today’s scammers actually do, how AI can counter them at each step, where it already works, and what’s missing to make “near-zero preventable losses” a realistic goal.
The threat, with precise numbers
Fraud in general is still climbing. The FTC reports that consumers lost more than $12.5 billion to fraud in 2024, representing a double-digit increase from the previous year. Crypto is a visible slice of that.
Within Web3, the fastest-growing tactic last year was the industrialization of wallet-draining scams tied to phishing funnels. Independent analyses estimate that roughly $494 million was stolen in 2024 from more than 300,000 addresses through drain kits, representing a 60–70 percent increase from the previous year. Those attacks are not “hacks” in the traditional sense. Victims usually signed malicious approvals or interacted with spoofed dApps that tricked their wallets into granting spend rights.
Scammers also keep evolving their lures. “Address poisoning” quietly inserts look-alike addresses into your history so you copy the wrong one later. A single campaign last year generated tens of millions from thousands of victims, with a skewing toward experienced users holding larger balances.
And the con is not limited to on-chain tricks. Off-platform social engineering also increased, from “pig-butchering” romance scams that combine investment opportunities with romance to game-like “task” scams that steer victims toward cryptocurrency payments.
Bottom line: the attack surface now spans your inbox, your messaging app, your browser, and, finally, your wallet. The defensive question is simple. Can AI narrow these windows before money moves?
How AI builds a crypto “immune system”
Think of defense in three layers: prevention, detection, and containment. Each layer benefits from models that learn normal behavior and flag deviations.
1) Prevent: Stop bad clicks from becoming bad approvals
In the wallet. An embedded risk model scores transactions before you sign. It looks at the spender’s history, code similarity to known drainers, allowance size versus intent, and recent reports. If risk is high, the wallet caps the approval, forces a re-auth, or blocks it outright. Users avoid most drainer losses because the dangerous permission never lands on-chain. Wallet products and security tools are increasingly adding these pre-transaction checks, often advertised as AI-assisted fraud prediction.
In the browser and inbox. Generative phishing is getting sharper, but so are filters. AI that understands page content, URLs, and message tone is catching more lures across email, SMS, and chat. That matters because stopping the funnel upstream reduces the number of users who ever reach a fake dApp.
On the ramp. Exchanges and payment platforms now watch deposits and withdrawals with machine-learning risk engines. They label flows associated with scams and raise friction or block cash-outs when confidence is high. The more these systems share signals, the less room scammers have to exit.
2) Detect: See coordinated patterns as they form
On-chain monitors. Networks like Forta and independent detection bots scan mempools and contract states for suspicious sequences, ranging from rapid allowance escalations to orchestrated approvals that indicate known drainer infrastructure. The goal is seconds-to-minutes time-to-detection, not hours. Public write-ups describe bot frameworks that anyone can deploy and tune for specific protocols.
Crime intelligence hubs. Analytics firms and industry coalitions have been moving from static blacklists to real-time signal sharing. In 2025, TRM Labs launched a cross-industry network that enables verified investigators to flag active scam wallets and disseminate alerts, allowing exchanges to freeze funds more quickly and effectively. That is detection turning into action in near real time.
Behavioral analytics at scale. AI models analyze patterns across numerous small events, including a burst of new token approvals to a single spender, transfers that follow a familiar laundering path, or transaction timing that mirrors earlier campaigns. The model doesn’t “know” a new drainer by name. It recognizes the shape and raises the flag.
3) Contain: Make theft harder to finalize
MEV-aware routing and private flow. During volatile periods, sending orders through private or auctioned routes keeps them out of the public mempool long enough to reduce predation. That does not stop social engineering, but it cuts off a whole class of “free lunch” attacks that rely on transaction visibility.
Rate limits and circuit breakers. Protocols are adding function-level pause hooks and withdrawal throttles tied to anomaly scores. If vault balances diverge from expected ranges or approvals spike, the system can slow or stop the specific function under attack while leaving the rest of the protocol up. This buys time for human review.
Exchange holds and coordinated freezes. When an address is flagged, AI-assisted monitoring at off-ramps can hold withdrawals or freeze deposits long enough for law enforcement or victims to act. Shared signals tighten the loop, which is critical because many scams try to exit to fiat quickly.
What AI already does well
1) Catching wallet-drainer funnels
AI has become proficient at identifying phishing pages, fake social profiles, and transaction patterns that lead to a small number of drain services. That clustering makes it easier to auto-label fresh infrastructure as “likely malicious” and warn users before they click “connect.” The scale of 2024’s losses explains why this has been a priority.
2) Scoring approvals in context
The difference between a harmless approval and a catastrophic one often hinges on context. AI helps by factoring in a spender’s risk history, the specific function signatures involved, and whether the requested allowance matches the user’s stated intent. Those signals can automatically lower allowances or require extra confirmation.
3) Mapping coordinated cash-outs
Fraud operations reuse laundering routes. Machine-learning monitors at exchanges and stablecoin issuers follow those breadcrumbs and block exits when patterns recur. That does not return funds to victims, but it shrinks attacker ROI and deters copycats.
4) Cutting “time to action”
The distance from the first red flag to a real stop matters. New industry alerting systems aim to compress this from days to minutes by letting vetted teams push risk signals that propagate across participating platforms immediately.
Where AI still struggles
Evasion and “slow burns.” Scammers adapt to detectors. They space transactions out, rotate infrastructure, and lie low for months before using an old approval. Some victims have been drained for hundreds of days after signing a malicious permission. Models need long memory and wallet-level timelines to catch these delayed moves.
False positives. Overly aggressive blocks frustrate users and partners—sound systems tier responses. A risky approval might trigger a speed bump or a capped allowance. A known drainer path might justify a hard block. Tuning matters.
Off-platform social engineering. Many victims are first compromised in messages, on dating apps, or on phone calls. Email and SMS security have improved, but there is no single switch the crypto ecosystem can flip to solve social trust. Education and in-wallet coaching still carry weight.
Small platforms and the long tail. Tier-one exchanges have sophisticated AI tooling. Smaller wallets and dApps may not. Threat sharing helps close the gap, but it is uneven.
A practical defense map for users
Use a wallet that explains risk in plain English. Look for pre-transaction warnings, allowance caps by default, and readable receipts that tell you what a signature will allow. Products that advertise AI-assisted fraud prediction and allowance hygiene are heading in the right direction.
Segregate funds. Keep a “clean” wallet with no dApp history for cold funds. Use a separate hot wallet with small balances for experiments. If a drainer hits the hot wallet, your core savings are safe. This also blunts long-delayed approval exploits documented in recent cases.
Verify addresses out of band. Do not copy-paste from your recent history. Address-poisoning campaigns prey on that habit and have netted tens of millions of dollars. Maintain a trusted address book or verify through a second channel.
Be suspicious of “jobs,” “refunds,” and “urgent” messages. These scams often conclude with instructions to “pay here in crypto” or “use a Bitcoin ATM.” Losses tied to these flows have surged. If anyone steers you to an ATM or asks for an on-chain “verification,” walk away.
What builders can ship this quarter?
1) Risk-scored approvals in the wallet.
Inline risk scoring that caps allowances, highlights spender history, and blocks known drainer patterns should be standard. Pair it with passkeys or other phishing-resistant logins to cut social-engineering wins upstream.
2) Anomaly-aware circuit breakers in protocols.
Instrument pool balances, oracle deltas, and allowance bursts. Define thresholds that trigger function-level pauses or withdrawal throttles. Publish the logic so the community understands when and why a breaker will trip.
3) Join or build a real-time alerting loop.
Subscribe to industry signals and contribute your own. The faster exchanges, bridges, and issuers can see a campaign forming, the better the odds of freezing exits.
4) Make your warnings human.
When you block or throttle, explain the reason in simple language and describe the expected benefit. Clear UX reduces friction and keeps protective features enabled.
Can AI stop rug pulls?
“Rug pull” covers a spectrum. Some are outright frauds where insiders dump liquidity or seize admin keys. Others are slow-motion exits disguised as pivots. AI helps in three places:
-
Code and config risk. Models can flag dangerous privileges and admin patterns in repos and deployments so auditors and communities ask sharper questions before funds enter.
-
Behavioral red flags. Sudden changes in treasury flows, LP withdrawals from team-linked wallets, or unusual cross-chain movements are detectable and alertable, enabling exit interception. If a project starts moving assets to known laundering routes, exchange-side models can slow or stop exits. That does not address poor governance, but it narrows the potential impact.
No model can read founders’ minds. What AI can do is make it much harder to execute a rug without tripping alarms early.
Measuring progress: five KPIs that matter
-
Time to detection for new campaigns is measured in blocks or minutes. Faster TTD correlates with fewer minor losses. Networks that deploy on-chain bots and share alerts publicly tend to improve in this area.
-
Time to action from alert to block, throttle, or hold. Real-time industry networks are trying to push this to minutes.
-
Coverage as a percentage of TVL and active wallets protected by AI-assisted checks.
-
False-positive rates segmented by action type. Soft nudges can tolerate more noise than hard blocks.
-
Recovered or prevented value estimated from delayed transactions, blocked approvals, and frozen exits. Post these numbers. Transparency builds trust.
The honest answer to the big question
Will AI “finally stop” scammers and rug pulls? Not all of them. Social engineering adapts. New drainer kits appear. Markets get noisy. But the trend is clear. The same transparency that made on-chain crime measurable also makes it detectable. AI is compressing the time between the first malicious intent and a defensive response, and it is doing so across many small edges: better phishing filters, smarter wallets, anomaly-aware protocols, and faster exchange holds.
If the industry continues to push on three fronts —pre-transaction risk checks in wallets, on-chain anomaly detection with clear circuit breakers, and real-time threat sharing at off-ramps —the result will not be an “un-hackable” ecosystem. It will be one where large-scale theft is rarer, smaller, and harder to cash out. The immune system will never be perfect, but it can respond quickly and effectively enough that most scams are stopped before they spread.
That is a future worth building toward. And it is already taking shape.