This content originally appeared on HackerNoon and was authored by Dishita Malvania
Let me start with the number that ruined my week.
Some researchers ran an experiment recently where they used an off-the-shelf AI agent to take a public wallet, scrape years of someone's social media exhaust, and figure out who was behind it. Nothing exotic. Nothing classified. Nothing that requires a Chainalysis subscription or a friend at the FBI.
The cost? Often less than four dollars per attempt.
I sat with that for a while. Four bucks. That is less than the airport coffee I was drinking when I read the paper. That is the price of unmasking somebody who probably believed, in their bones, that their wallet was a string of letters nobody could trace back to them.
Here is the thing nobody really wants to say in this industry: your wallet has been loud for years. It has been screaming personal information at anyone who walked past. We just couldn't hear it because the listening equipment was expensive. AI is the listening equipment getting cheap.
This piece is about how that's playing out, why I think the timing is much worse than people realize, and what you can actually do about it without becoming the kind of paranoid hermit who only sends Monero from a tinfoil-lined basement.
The privacy story we all kind of made up
Quick reset, because I find people skip past this part too fast.
Bitcoin was never anonymous. Ethereum was never anonymous. None of the public ledgers ever were. The word in the original whitepaper is pseudonymous. Your real name is not on the chain. Your full transaction history is. Forever. Public. Searchable by anybody with a browser tab and ten free minutes.
For most of the first decade of crypto, that distinction did not really bite. There was a gap, and the gap is what people felt as "privacy." The gap looked like this: yes, the chain is public, but connecting a specific address to a specific human takes actual work. You needed analysts. You needed expensive software. You needed a subpoena, or a chain-analysis firm with a six-figure contract, or a really determined enemy with a lot of free time.
That gap was the privacy. It was never the cryptography. It was the labor cost.
I have watched the gap shrink for a while now. Chainalysis got better. Elliptic got better. Arkham showed up and turned amateur wallet detective work into a marketplace where strangers can put bounties on your address for ARKM tokens. Still, all of that took some money, some specialization, some friction.
Then large language models showed up. The gap did not shrink. It collapsed.
The four-dollar deanonymization
Back to the paper, because the details matter.
The researchers built a four-stage pipeline. Roughly: an AI agent extracts identity-revealing stuff from social posts (writing style, hobbies, opinions, weird turns of phrase), encodes it, runs nearest-neighbor matches across thousands of candidate profiles, and then has another LLM reason its way to the most likely human behind the screen names. Stuff that used to take a human investigator a full afternoon, automated to a few minutes.
In the experiment they linked Reddit, Hacker News, and LinkedIn accounts. They were not even chasing crypto wallets. But it takes about three seconds to connect the dots. If an AI can match writing style across forums, it can match writing style across forums plus a Twitter account plus a public DAO vote plus an ENS name on your ad-blocked Twitter bio.
Once it has the ENS, it has the wallet. Once it has the wallet, it has every transaction that wallet has ever made, all the way back to its very first deposit. Forever.
This is the part that messes with my head. The economics of surveillance just inverted. It used to be that watching one person was relatively cheap, but watching everybody at once was prohibitively expensive. AI flips that. Now watching everybody is the cheap option. Watching one specific person is basically free as a side effect.
I keep coming back to a line I read from the CTO at Ledger, where he was warning that the cost of finding and exploiting bugs is "going down to zero" because of AI. Same dynamic, totally different vector. When the cost of an attack drops to zero, you do not get fewer attacks. You get every attack, against everyone, all the time.
Someone on HackerNoon put this point well in a piece on why your crypto security setup is already outdated. The framing nailed it for me. The threat model people are running in their heads is from 2021. The actual threat model is from 2026 and it knows your name.
The off-chain part is where it actually breaks
Here is something I think the crypto crowd gets wrong all the time.
We treat the blockchain itself as the threat surface. It isn't. Or, more honestly, it stopped being the interesting threat surface a long time ago. The on-chain side of deanonymization, the address clustering, the follow-the-money stuff — that has been a basically solved problem for years. Chainalysis cracked it. Everybody else copied them. It's old news.
The hard part was always off-chain. Connecting 0x4f... to a person named, I don't know, Priya in Bangalore who works at a fintech and reads Hacker News at lunch. That used to be the bottleneck.
AI just removed the bottleneck.
Think about every crumb you have ever dropped that could tie a wallet to a real human:
- That portfolio screenshot you posted on Twitter to flex on a green day
- A donation you made through a transparent address to a cause people know you care about
- A DAO vote that's permanently public
- Your ENS name in a Discord profile
- A domain you bought with the same wallet you also use for DeFi
- A wallet you connected to a Web3 social app
- An airdrop you complained about on Reddit because the tax treatment was annoying
Any one of these, by itself, is nothing. Useless. A speck of dust on a hard drive. The whole point is that you don't need to find one smoking gun anymore. You need a pile of dust. AI is really, really good at sifting piles of dust.
You can read this as alarmist. I would prefer you read it as math. Billions of social posts. Hundreds of millions of wallet addresses. Until very recently, the cost of correlating one set with the other was higher than whatever you'd get out of doing it. That ratio just broke. Probably permanently.
The industrial side: AI-powered chain analysis is now a product category
Now zoom out from the lone researcher with the four-dollar bill.
Companies like Arkham don't even pretend to be anything other than full-stack deanonymization platforms. Their AI engine, Ultra, mashes together public records, social media, leaked databases, and on-chain behavior to attach real-world identities to wallet clusters. They productized the whole thing. There's a marketplace where you can post bounties and buy intel on specific addresses, the same way you'd buy a leads list on LinkedIn.
I'm not picking on Arkham. They're just the most upfront about what the whole industry is now doing. Chainalysis, Elliptic, TRM Labs, Crystal, Coinglass — they've all been using ML and clustering at scale for years. The new layer is generative AI sitting on top, which means the human analyst is no longer the one doing the analysis. The analyst is now the person who asks an LLM to do the analysis and then writes up the result for whoever paid for it.
Then there are the agentic browsers, which I think most people are not paying enough attention to. Tools that sit in your browser, watch you work, and connect dots a human used to get paid by the hour to connect. The same capabilities that let those tools book your flights and draft your emails will, inevitably, surface "who is behind this wallet?" as a casual prompt. We are already there. This stopped being hypothetical months ago.
And the agents themselves are now part of the attack surface, which is its own delightful nightmare. There's a recent paper that documented "LLM router" abuses — basically middle-layer services between your prompts and the model — that were quietly stealing credentials and, in one demo, draining a test wallet of $500K. So we're getting the surveillance and the wallet-drainer in the same shipment. Cool. Cool cool cool.
The regulator angle, which I find genuinely strange
Now here is where it gets weirder.
Regulators see this same trend and are starting to publicly worry about it. Not the same way I worry about it. Their reasons are different. Their reasons are basically institutional. But the worry is real, and it's now on the record.
SEC Chairman Paul Atkins, at a Crypto Task Force roundtable last December, said that pushed in the wrong direction, crypto could become "the most powerful financial surveillance architecture ever invented." His phrase. Not mine. He used the word panopticon on the record. When a sitting SEC chair starts dropping panopticon in a public address, you should probably stop scrolling and pay attention.
The official version of that worry is that if every wallet ends up treated like a broker, every dApp like an exchange, and every transaction like a reportable event, you end up with a perpetual financial dragnet that's bad even on the government's own terms. That maps almost perfectly onto the user-level worry I have been describing. The infrastructure for total financial surveillance already exists. AI just made it usable by anybody with an API key, not just by the state.
The genuinely surprising part, given who said it, is that the same speech endorsed zero-knowledge proofs, conditional disclosure, and privacy-focused wallets as legitimate compliance tools. So the regulators themselves are now saying privacy tech is part of the answer, not the enemy. That is a wild place to land. Most of crypto Twitter has not really updated for it yet.
So what actually works
Okay, doom delivered. Let's talk about what to actually do, because there are answers, and most of them are pretty boring.
1. Stop reusing addresses like it's 2014
I know. I know. It is annoying. The whole point of having a wallet is that you can use it. But every reuse is another bag of dust for the AI to sift. A new address per major identity (work, personal, public-facing, donations, the speculative stuff you don't want your spouse asking about) is the cheapest privacy upgrade most people will ever do. And yes, your hardware wallet supports it. You're just not using the feature. I wasn't using it either for a long time. I'm going to gently shame both of us into changing that.
2. Treat your ENS name like PII
Your ENS is a name. Treat it like one. If you wouldn't post your driver's license on Twitter, don't link yournamehere.eth to your professional LinkedIn and your portfolio screenshot on the same day. The convenience of "send to .eth instead of 0x…" is exactly the convenience that makes your wallet trivially deanonymizable. Convenience and privacy are inversely correlated. They have always been inversely correlated.
3. Use the privacy stack that's actually shipping
Privacy coins like Monero exist for a reason, and the reason got more compelling, not less, over the last 24 months. Beyond the coin layer, the zero-knowledge ecosystem has finally graduated from "interesting research" to "stuff you can actually use" — Aztec on Ethereum, Zcash's shielded pool, ZK rollups with privacy primitives, confidential computing layers. None of these are perfect. All of them raise the cost of cracking you from four dollars to something a normal adversary won't bother with. There's a good HackerNoon explainer on zero-knowledge proofs that I keep recommending when people ask me where to start.
4. Assume your OPSEC is bad and plan from there
The most useful mental shift, in my experience, is this: assume your wallet is already linked to your real identity. Now make decisions. The "should I post this portfolio screenshot" question kind of answers itself. So does "should I use my main wallet for this airdrop." So does "should I sign this random message from a Discord channel I half-remember joining at 2am."
You don't need to be invisible. You just need to be more annoying to crack than the next guy. Privacy on a public ledger has always been a relative game.
5. Care about the policy fight, even if you hate politics
This is the part I'd hammer hardest if we were on a porch with beers. The technical fixes only go so far. The bigger fight is whether privacy-preserving tools stay legal where you live. The Tornado Cash and Samourai Wallet cases are not abstract debates. They are precedents. Whatever you think of those specific tools, the principle being argued out is whether writing code that protects people from financial surveillance is itself a crime.
If that question lands the wrong way, none of the technical advice in this article saves you, because the tools won't be on shelves. So vote, donate, yell at your representatives, sign the things. I know this sounds suspiciously like civics class. It is civics class. The future of money turned out to be civics class. Surprise.
The bigger picture, and why I'm not exactly optimistic
Closing with the take that probably won't age well, because that's a HackerNoon move and also because I think it's true.
The crypto industry, especially in its early years, sold itself as a privacy revolution. Be your own bank. Censorship-resistant money. No middlemen. All of that turned out to be partly true and partly a marketing line we wanted to believe. The on-chain part — the rails — is genuinely uncensorable in a way nothing else is. That part shipped. That part works.
But the privacy part was always parasitic on a temporary fact about the world: that watching the chain at scale was expensive. That fact is gone. AI ate it.
What's left is the most transparent financial system in human history, in the hands of users who were trained to treat it like a private one. That gap, between how transparent it actually is and how transparent users think it is, is where every nasty surprise of the next five years will live. Stalkers, exes, employers, governments, scammers, marketers, well-funded weirdos with API keys and an axe to grind.
Privacy coins, ZK rollups, confidential computing — these aren't optional anymore. They're the only path to making crypto behave the way users always thought it did.
Or, as somebody said on this very platform a long time ago, centralized digital money will put the panopticon in your pocket. That was supposed to be a warning about CBDCs. It is turning into a description of the public chains we already use.
Build accordingly. And maybe, please, stop posting your portfolio.
:::info Disclaimer: Personal opinion. Not financial or legal advice. DYOR.
:::
\
This content originally appeared on HackerNoon and was authored by Dishita Malvania
Dishita Malvania | Sciencx (2026-05-12T12:14:56+00:00) AI Is Making Crypto Wallet Deanonymization Much Cheaper. Retrieved from https://www.scien.cx/2026/05/12/ai-is-making-crypto-wallet-deanonymization-much-cheaper/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.