Scammers using AI tools to steal crypto via deepfakes and wallet drainers 

AI tools aren’t just helping you keep on top of your emails, they’re giving scammers the edge in stealing your crypto.

Whether it’s through giving a boost to traditional “social engineering” scams, or writing crypto-stealing code disguised as a legitimate Javascript package, AI is helping to part users from their tokens while the operators sit back and watch the profits roll in.

Trust nobody

According to Joey Santoro, the decentralized finance (DeFi) developer behind Fei Protocol and the ERC-4626 (Tokenized Vaults) token standard, a friend recently lost $2 million to a “sophisticated” deepfake scam.

Santoro claims that an audio deepfake of Paul Faecks, founder of stablecoin-focused blockchain Plasma, was used to pitch an advisor role, with information that “perfectly matched [the friend’s] profile.”

During the call, the victim opened a file (despite it being blocked by security software on a first attempt) which then “successfully got access to passwords and private keys.”

Santoro warns users to “keep your crypto as isolated as possible from your day-to-day devices.”

Russian hackers are using deepfake porn sites to steal crypto

Read more: Hong Kong busts crypto scam that used AI deepfakes to create ‘superior women’

Many responses to the post have focused on the dangers of keeping such a large sum on an internet-connected “hot wallet,” while Phantom Security highlighted the dangers of modern deepfake tech: “assume anyone can be impersonated.”

Hiding in plain sight

Last week, Paul McCarty, of supply chain security firm Safety, reported a hidden wallet-draining package in an example of “how threat actors are leveraging AI to create more convincing and dangerous malware.”

The supposed patch-manager contains a “sophisticated cryptocurrency wallet drainer with multiple malicious functions” designed to target “unsuspecting developers and their applications’ users.”

It’s disguised as a genuine open-source “NPM Registry Cache Manager” appearing to provide “license validation and registry optimization.”

However, the source code gives the game away, with documentation including the name “ENHANCED STEALTH WALLET DRAINER.”

Other than the obvious naming gaffe, McCarty notes that “the malware is suprisingly [sic] well written,” and was likely deployed in a UTC +5 timezone (which could point to a Russian, Chinese or Indian author).

The clues leading McCarty to believe the source code is AI-written are mainly stylistic giveaways: the presence of emojis, the excessive use of console.log messages, the frequency and detail of comments, and other style markers.

Published on July 28, the package’s 19 versions were apparently downloaded over 1,500 times before it was marked as malicious on July 30.

Read more: CoinDCX hack: $44M gone after dev opens file from side gig

On the back foot?

While AI tools are clearly helping attackers, it appears they’re not so strong on the defensive. 

In the “largest open red‑teaming study of AI agents to date,” sponsored by the AI Security Institute and top AI companies, a $170,000 bounty was offered to hackers to test the security of dozens of AI agents. 

We deployed 44 AI agents and offered the internet $170K to attack them.

1.8M attempts, 62K breaches, including data leakage and financial loss.

🚨 Concerningly, the same exploits transfer to live production agents… (example: exfiltrating emails through calendar event) 🧵 pic.twitter.com/t1mb5Ix32a

— Andy Zou (@andyzou_jiaming) July 29, 2025

Read more: Coinbase leak prompts KYC criticism from crypto execs

The resulting “1.8 million prompt-injection attacks” led to over 60,000 successful breaches “such as unauthorized data access, illicit financial actions, and regulatory noncompliance.”

Lead author Andy Zou highlighted that even the top performing model had an attack success rate of 1.5%, and a “favorite failure” mechanism included performing a prohibited action whilst denying doing so in the model’s UI.

AI traders beating Warren Buffet

Elsewhere, AI models have been performing somewhere between Berkshire Hathaway and the S&P.

Just a month in, but the LLMs who were given $100k and the ability to make trades are blowing out Warren Buffet pic.twitter.com/eesJ506VcN

— Conor (@jconorgrogan) August 4, 2025

Read more: Songs for pumping and dumping: crypto’s Spotify leak

Almost two months into a $100,000 experiment/trading competition, a trading bot based on Claude Sonnet 4 is sitting on slightly over 2% PnL, behind the S&P.

The GPT 4.1 model is up 0.6%, above Berkshire Hathaway’s 3.6% loss.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.