Hotaling Investment

There's an attack vector most of crypto isn't tracking yet. AI recommendation poisoning. An attacker embeds hidden prompt instructions in a webpage. An AI agent reads the page during its normal workflow. The agent's memory gets silently altered, and from that point, every recommendation it makes is skewed toward whoever planted the instructions. Microsoft documented 50 live examples across 31 companies in 14 industries in 60 days of research. If your portfolio decisions or due diligence run through an AI assistant, assume the inputs can be manipulated. The recommendation is only as trustworthy as what the agent read to make it.

Privacy tools in crypto have become a compliance problem. Mixers co-mingle funds with unknown counterparties. You can't verify who you're transacting with. Zcash works, but only for one token on one chain. Institutions don't want mixers. They want a decentralized PayPal. Non-interactive cryptographic proofs can auto-generate a unique stealth address for every transaction. Counterparty verified. Nothing hits the public ledger. Works across every major chain.

AI agents are already transacting on-chain. The numbers are ahead of the narrative. In one 14-week beta: 1,000 users deployed 9,500 agents running 187,000 autonomous transactions. Stablecoin volume hit $46 trillion annually, up 106% year-over-year. McKinsey projects agentic commerce reaches $3–5T by 2030. Crypto settles in under 500ms at a fraction of a cent. No other rail comes close. The agent economy is already here. The infrastructure hasn't caught up. If you're building products, protocols, or agent frameworks, assume your next user category isn't human.

An AI agent got tricked into draining its own wallet, without touching a single line of code. An attacker sent a free NFT to Grok's connected wallet. The NFT quietly escalated the wallet's permissions. The attacker then posted a Morse code message on X, Grok decoded it, treated it as a legitimate command, and transferred $174,000. If you're connecting an AI agent to a wallet: any token it receives and any text it reads online is a potential instruction. The bar for "input validation" just moved.

The largest social engineering attack in crypto history didn't exploit a single line of smart contract code. Months of relationship building. One moment of misplaced trust. $285M drained from Drift Protocol. 76% of all 2026 crypto losses trace back to North Korea, and almost none of them involve a code exploit. What this means for everyone else: the next major attack on your protocol, fund, or team won't come through your audit reports. It'll come through a LinkedIn message, a recruiter call, or a coffee meeting that lasts six months. Treat unsolicited contact the way you treat unsolicited code.