New Dimensions of Onchain Threats, Accelerated by AI.

Sometime in 2024 I had a Coinbase wallet on my laptop. I had created the wallet some months back, backed up and all, and had sent just a very small amount of $ETH to the wallet. Then in 2024 I was paid $100 for a gig, which I sent to this wallet; I also sent another $650 worth of crypto as "savings". I traced the transaction history and there was the full detail of how someone sent some $ETH to the wallet, then moved out my "savings" and afterwards also took back the remaining $ETH from the one they had sent in for the attack.

Blockchain hit instant PMF for many, especially people in parts of the world where there are crazy high fees and bank charges. The moment people tried sending crypto for a few cents in gas fees, there was no going back for them. The only issue has always been how to secure users' funds; desperate people will always find a way no matter how complex the UX is. After losing my savings I stopped using self-custodial wallets and only used centralized exchanges for a while. I thought, even though that was a non-custodial wallet, the builders still should have ensured strong security and secure backups, so users don't lose funds unnecessarily.

This happened to me when AI and LLMs were still at their early development stages. You can only imagine how sophisticated the attacks have gotten, now that AI and LLMs are very advanced and more capable. To put things in perspective, more than $640 million was lost to DeFi hacks and exploits in April alone.

I have tried my best to be safe and not lose any more funds, and even though I have not lost any more funds since then, I am not losing focus or getting complacent now. This is the time to tighten security and apply all measures to be safe onchain. I think this is really the time to invest in a cold wallet. Get your crypto out of hot wallets and secure it in a wallet totally disconnected from all attack surfaces.
Cold wallets are like external hard drives, totally disconnected from systems and keeping files secure without the risk of corruption or contamination by a virus... except that cold wallets store crypto and not files.

How it works

Key Generation (on the device)

Receiving Crypto

Initiating a Transaction (the interesting part)

i. You construct an unsigned transaction on your hot device (laptop/phone) - specifying recipient, amount, gas fee etc.
ii. This unsigned tx is passed to the cold wallet, either via USB, Bluetooth, or QR code.
iii. The cold wallet displays the transaction details on its own screen for you to verify.
iv. You physically confirm on the device (button press or tap).
v. The cold wallet signs the transaction internally using the private key - the key itself still never leaves the device.
vi. It outputs only the signed transaction back to the hot device.
vii. The hot device broadcasts the signed tx to the network.

Here's the thing though: most times there is this notion people have about cold wallets, that they mean a complex setup and confusing user interfaces that are total overkill for someone who has just below $1k in crypto. I used to think that too... I set up my wallet clean, had my seed phrase secure and offline, was not clicking on random websites, not downloading random files. I thought I was very security conscious; that was the standard security playbook to stay safe onchain. I thought, like most people, that it was enough. And for a while it was, right until the morning it wasn't.

The uncomfortable truth is that the people who lost funds to the same exploit I experienced were not careless people. Some of them were developers. People who understood the code, understood the risks, had been in the space long enough to know better. And they still woke up to empty wallets. That is not a story about ignorance. That is a story about how sophisticated the attacks had already become before AI entered the picture in any serious way. Now think about where we are today.
The same AI tools that help developers write cleaner, more complex code also help scammers write very convincing phishing emails. The same models that summarize research papers can analyze smart contract code at scale, looking for vulnerabilities faster than any human auditor, and with Claude releasing Mythos to everyone, I expect things to get even crazier. The attack surface has not just grown - it has gotten more radicalized and swifter. The $640 million I mentioned earlier was what was reported and traced. The quiet losses, the ones people are too embarrassed to talk about or do not even fully understand - those never make it into any report.

I am not saying this to scare anyone. Fear is not a strategy. But clarity is. And the clear reality is that if you are holding anything meaningful onchain in a hot wallet right now, you are making a bet that sophisticated, AI-assisted, professionally resourced attackers will not notice you.

The other thing nobody really talks about is how much the cold wallet experience has changed. Because when most people hear "cold wallet" they picture something from 2017. A chunky device, a confusing setup process, a complex gadget. But that version of cold storage is largely a thing of the past now. The same pressure that pushed MetaMask and the likes to get more intuitive also pushed hardware wallet builders to get serious about experience. That's the natural evolution process for most things: first make it work, then make it better.

The one I have tried is the OneKey Classic. It is compact - small enough to sit comfortably in your palm and easy to operate with one hand. That alone removed a lot of the mental friction I had around cold wallets. The companion app pairs over Bluetooth and is cleaner than what I expected from a hardware wallet ecosystem (although I have to confess, this is my first hardware wallet so I have no prior experience to compare with).
When you initiate a send, the transaction details show up on the device screen for you to verify before anything gets signed - actual numbers, on a screen with no internet connection, confirmed with a physical button press. That step, small as it feels, is the whole point; it makes me feel like I'm in charge. I checked and the system is open source and has been through third-party security audits, which is very important to me because I just can't trust a closed system enough to put my savings in it. By the way, if the wallet interests you, feel free to check it out here: https://onekey.so/r/2J60DF (I signed up for their referral program so you get a 10% discount if you decide to buy one).

The trajectory is not hard to read. When Anthropic released Mythos earlier this year, they did not make it publicly available - the model was too capable, specifically in cybersecurity. It could identify and exploit vulnerabilities across major operating systems and browsers at a scale and speed no human team could match. That was the version they kept locked behind Project Glasswing, accessible only to a controlled group of organizations. When they eventually built a version safe enough for public release - Fable 5 - they still had to layer on classifiers specifically to gate cybersecurity and biology queries, because even the tamed version crossed thresholds they were not comfortable handing to everyone without guardrails.

Think about what that means on the other side of the equation. The same class of capability that made Mythos too dangerous to release broadly is the class of capability that, in some form, is now accessible. The gap between what a well-resourced attacker can do today and what an everyday user can protect against has never been wider - and it is moving faster than most people realize. This is not about living in fear of the next exploit. It is about being honest and real about what the landscape actually looks like right now, and making decisions accordingly.
Closing attack surfaces that do not need to be open is not paranoia. It is just the rational response to a threat environment that has materially changed - and keeps changing (aggressively, I might add).

Got questions or feedback? Reach out to me here: ebounce500@gmail.com, or @okolievans on Twitter.
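
The signing flow in steps i-vii under "How it works", together with the on-device confirmation described above, as an added example that is not code from the original post or from any wallet vendor. It is a simplified model: the closure stands in for the device, the JSON encoding and SHA-256 digest are assumptions (Ethereum itself uses RLP and Keccak-256), and the addresses are placeholders.

```javascript
const nodeCrypto = require('node:crypto');

// Cold side. The private key exists only inside this closure, standing in
// for the device's secure storage; nothing here ever returns it.
function makeColdWallet() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return {
    publicKey, // public half only: lets anyone check a signature
    // Steps iii-vi: render the exact bytes that would be signed, wait for the
    // physical confirmation, and hand back a signature or nothing.
    review(unsignedBytes, confirm) {
      const tx = JSON.parse(unsignedBytes.toString('utf8'));
      const shown = `send ${tx.amount} ETH to ${tx.to} (fee ${tx.fee})`;
      const signature = confirm(shown) ? nodeCrypto.sign('sha256', unsignedBytes, privateKey) : null;
      return { shown, signature };
    },
  };
}

// Hot side, step i: serialize the transaction (constructed JSON format).
function buildUnsignedTx(to, amount, fee) {
  return Buffer.from(JSON.stringify({ to, amount, fee }), 'utf8');
}

// Hot side, step vii: the network only accepts bytes the signature covers.
function networkAccepts(txBytes, signature, publicKey) {
  return signature !== null && nodeCrypto.verify('sha256', txBytes, publicKey, signature);
}

// One full pass. hostSwapsRecipient models a compromised laptop that changes
// the recipient between what the user typed and what reaches the device.
function runFlow({ hostSwapsRecipient }) {
  const cold = makeColdWallet();
  const intent = { to: '0xFRIEND_PLACEHOLDER', amount: '0.5', fee: '0.0004' };
  const wireTo = hostSwapsRecipient ? '0xOTHER_PLACEHOLDER' : intent.to;
  const unsigned = buildUnsignedTx(wireTo, intent.amount, intent.fee);
  const expected = `send ${intent.amount} ETH to ${intent.to} (fee ${intent.fee})`;
  // The user presses the button only if the device screen matches intent.
  const { shown, signature } = cold.review(unsigned, (screen) => screen === expected);
  // Editing the bytes after signing must also fail at the network.
  const edited = buildUnsignedTx('0xOTHER_PLACEHOLDER', intent.amount, intent.fee);
  return {
    shown, signed: signature !== null,
    accepted: networkAccepts(unsigned, signature, cold.publicKey),
    editedAccepted: networkAccepts(edited, signature, cold.publicKey),
  };
}
```

In the tampered run the device screen shows the swapped recipient, the confirmation is withheld, and no signature exists for the hot device to broadcast.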
This story was reported by Dev.to.


