Social engineering displaced technical hacking as the main vector of theft in the ecosystem. With the advent of AI, threats such as fake calls, deepfakes (change of faces) and fraudulent emails have turned the user into the most vulnerable link in custody. This has led to wallets to focus increasingly on protecting the user themselves.
According to the FBI’s annual report, Cryptocurrency fraud losses in the United States reached USD 11 billion in 2025an increase of 22% compared to the previous year. According to AMLBot, 65% of theft cases investigated involved social engineering rather exploits technicians.
A key piece of information to understand this context is what happened with Coinbase, who in May 2025, attackers bribed the exchange’s support contractors to access names, emails and official identifications of clientsand used that information in subsequent spoofing attacks.
What each wallet is doing
The answers vary depending on the model of each platform, but they point to the same problem: the user under pressure.
MetaMask deployed improved protection against phishing and warnings transaction simulation, especially effective during interactions with dApps. Trust Wallet, with more than 220 million users, activated a security scanner that blocked $191 million in fraudulent transactions during 2025. Zengo remove seed phrase as vector of attack using an MPC system with facial biometric verification, removing the main point of failure that attackers exploit in spoofing calls.
Casa, the custody platform developed by bitcoiner Jameson Lopp, is the most recent to take sides in this battle. This May 26, it presented Guardian Mode, a system that requires a video call with two advisors and a 48-hour wait before executing any transaction; Phone Call Detection, that blocks sending if the user is on an active call without a verification code; Whitelisting, which restricts shipments to pre-approved addresses; and geographically impossible access alerts. All functions share the same logic: insert time between the attacker’s pressure and the user’s signature.
The firm maintains that reintroducing intermediaries does not contradict self-custody: the functions are opt-in and sovereign recovery remains available. The underlying diagnosis, which the sector is beginning to share, is more direct: Protecting private keys is no longer enough when the attacker does not need to steal thembut to convince their owner to use them.
What the set of movements in the sector indicates is a deeper diagnostic change: protecting private keys is no longer enough when the attacker does not need to steal them, but rather convince their owner to use them. Wallets that do not respond to that vector will continue to offer technical security against a threat that ceased to be technical a long time ago.
AI at its core: the multiplier that changes the equation
The measures that the sector is deploying respond to a threat that several actors in the ecosystem already warn of as structural. Ledger CTO Charles Guillemet noted in April 2026 that AI is breaking down the barrier to entry for attackers: ask a language model to analyze differences between versions of a binary and generate a exploit It’s faster, cheaper and more efficient than before.
Maximiliano Carjuzaa, co-founder of the DeFi protocol Money On Chain, was more direct: he estimated that close to 100% of the attacks recorded in the last two months involved AI to a greater or lesser extent, whether to discover how to attack, to program the smart contract or to execute the malicious transaction. Carjuzaa documented in its own protocol how an AI tool detected in less than a minute a vulnerability that had survived five human audits and seven years of production.
His projection for what is coming is that the increase in AI-assisted hacks will be widespread: will affect not only DeFi protocols but to governments, hospitals, armies and small businesses, possibly accompanied by a new wave of ransomware.
The deliberate friction that Casa and other wallets are inserting into their flows aims to buy time at the moment of greatest pressure. But as Guillemet warns, while people and organizations remain slow to update their systems, the gap between the release of a patch and its installation becomes a window increasingly dangerous attack. Wallets can slow down the user to protect them from themselves; the problem is that the AI is speeding up the attacker at the same time.