Wallet

Vitalik Buterin has shared a vision for AI-integrated Web3 wallets in which algorithms can propose transaction plans, while humans still approve high-value transfers. He argues that large sums should not be fully delegated to LLMs and instead suggests using local light clients to simulate transactions before users manually confirm them. Community developers later expanded on his ideas with additional AI-based transaction analysis and reconstruction workflows aimed at reducing phishing and blind-signing risks.

Cardano Foundation CEO Frederik Gregaard has warned that a critical infrastructure gap exists around accountability for autonomous AI agents as they become more widely used. He argues that organizations must be able to clearly identify who authorized an AI action, what constraints were set, and where responsibility lies when serious mistakes occur. At the same time, Cardano's ADA has been integrated into DFX.swiss via the Open Crypto Pay standard, enabling users to pay with ADA in 137 SPAR stores across Switzerland.

In 2026, the FBI arrested John "Lick" Daghita in the Caribbean on accusations that he diverted $46 million in seized crypto assets from US Marshals Service wallets via his role at Command Services & Support, Inc. Investigations tied his addresses to funds allegedly siphoned in 2024 after he reportedly boasted about the theft to another offender. The case emerges amid broader crypto crime trends, including billions in stolen assets, large exchange hacks and growing threats from malware and operational security failures.

In 2026, security researchers warned that the Coruna exploit kit is abusing 23 iOS vulnerabilities to compromise iPhones and drain on-device crypto wallets. The malware scans for BIP39 seed phrases, private keys, QR codes and wallet data from apps such as MetaMask, Bitget Wallet and Trust Wallet when users visit malicious gambling or token-related sites. Evidence suggests at least 42,000 devices have been affected, and mobile traders are being urged to move funds to hardware cold storage.

Google's threat intelligence team reported that a new exploit kit dubbed "Coruna" targets iPhones running iOS 13.0 to 17.2.1 and has been used on fake crypto websites to capture wallet seed phrases. The toolkit, first identified in February 2025, contains multiple iOS exploit chains and was later found on spoofed Chinese financial and exchange sites seeking user funds and sensitive data. Security researchers say the tool may be linked to surveillance customers, while some industry experts dispute claims it originated from US intelligence code.

Cybersecurity researchers report that "ClickFix" attacks are now being used by scammers posing as venture capital firms on LinkedIn and by hijacking the QuickLens Chrome extension. The VC-themed campaign lures victims into fake video calls, while the compromised extension was updated with malware after a February 1 ownership change and reached around 7,000 users before removal.

BMIC, an Ethereum-based initiative, is developing a quantum-native wallet and finance stack that combines post-quantum cryptography, ERC-4337-style smart accounts, and AI monitoring. The project's token presale targets €40 million with up to 50 tiers priced from $0.048485 to $0.058182, allocating 750 million of a 1.5 billion supply.

According to a first-hand account updated on March 1, 2026, a crypto and Web3 professional narrowly avoided installing malware after joining what appeared to be a routine Microsoft Teams call set up via a familiar Telegram contact and Calendly link. The attackers used a spoofed Teams domain that blocked mobile access, then pressured the target on desktop to run a PowerShell command fetching code from teams.livescalls.com. The incident highlights how compromised industry accounts and realistic meeting interfaces are being weaponized to target high‑value crypto participants and potentially drain wallets or steal credentials.

On February 28, 2026, XRP Ledger developer and Xaman founder Wietse Wind warned XRP wallet users about scams using fake NFT "passes" and imitation Xaman domains to drain funds. He urged holders to cancel unsolicited offers, avoid interacting with suspicious NFTs and never share wallet secrets or sign unclear transactions.

Solana-based Step Finance and affiliates SolanaFloor and Remora Markets said they will cease operations, citing a late January wallet compromise that siphoned an estimated $30 million and unstaked 261,854 SOL. The teams halted parts of the platform, reported roughly $4.7 million recovered, and plan a STEP buyback and Remora rToken redemptions for holders.