The problem
More than $1.7B a year is lost to crypto phishing, and the most common vector is the humble unlimited token approval. You click "approve" on a malicious dApp once, and a contract can drain that token whenever it wants. Manual revocation tools require constant vigilance — by the time you notice, it's gone.
What ShieldAI does
ShieldAI removes the human from the critical path. It runs as an agent with delegated, narrowly-scoped authority over your smart account, so it can act the instant a threat appears — without you signing anything in the moment.
How it works
- Monitors all approvals in real time via Envio HyperIndex
- Analyses contract bytecode with AI to spot malicious patterns
- Revokes dangerous approvals via MetaMask Delegations
- Protects continuously — no manual intervention required
The hard part
EOAs can't sign delegations, so ShieldAI uses MetaMask Hybrid Smart Accounts via the Delegation Toolkit to grant the agent revoke-only authority. That scoping matters: the agent can defend you, but it can't move your money. Built and demoed on Monad testnet.
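To make the revoke-only scoping above concrete, here is an added JavaScript example (not ShieldAI's or the Delegation Toolkit's code) that flags an unlimited ERC-20 approval from an Approval log and accepts a proposed call only if it is exactly approve(spender, 0) on an allowlisted token. The function names, the token allowlist and the sample addresses are assumptions constructed for the example, and the rule is modelled off-chain purely for illustration.

```javascript
// Added illustration; not ShieldAI or MetaMask Delegation Toolkit code.
const APPROVE_SELECTOR = "095ea7b3"; // approve(address,uint256)
const APPROVAL_TOPIC0 = // keccak256("Approval(address,address,uint256)")
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const MAX_UINT256 = (1n << 256n) - 1n;
const strip0x = (h) => h.toLowerCase().replace(/^0x/, "");
const pad32 = (a) => strip0x(a).padStart(64, "0");

// True when a log is an ERC-20 Approval granting the maximum allowance.
// ERC-721 Approval shares topic0 but has 4 topics (indexed tokenId): skipped.
function isUnlimitedApproval(log) {
  return log.topics.length === 3 &&
    log.topics[0].toLowerCase() === APPROVAL_TOPIC0 &&
    /^0x[0-9a-fA-F]{64}$/.test(log.data) && BigInt(log.data) === MAX_UINT256;
}
// Calldata for approve(spender, 0), the standard ERC-20 revocation.
function buildRevokeCalldata(spender) {
  return "0x" + APPROVE_SELECTOR + pad32(spender) + "0".repeat(64);
}

// Revoke-only rule: zero native value, a pinned ERC-20 target, and calldata
// that is exactly approve(<address>, 0). The target pin matters: ERC-721
// approve(address,uint256) has the same selector, and there 0 is a token ID.
function isRevokeOnlyCall(call, allowedTokens) {
  const data = strip0x(call.data);
  if (BigInt(call.value) !== 0n) return false;
  if (!allowedTokens.has(call.to.toLowerCase())) return false;
  if (!/^[0-9a-f]{136}$/.test(data)) return false; // 4 + 32 + 32 bytes, no extras
  if (data.slice(0, 8) !== APPROVE_SELECTOR) return false;
  if (!/^0{24}$/.test(data.slice(8, 32))) return false; // clean address padding
  return /^0{64}$/.test(data.slice(72)); // amount word must be zero
}

// Constructed sample values (not real addresses or logs).
const TOKEN = "0x" + "11".repeat(20);
const SPENDER = "0x" + "22".repeat(20);
const OWNER = "0x" + "33".repeat(20);
const sampleLog = { address: TOKEN, data: "0x" + "f".repeat(64),
  topics: [APPROVAL_TOPIC0, "0x" + pad32(OWNER), "0x" + pad32(SPENDER)] };

function demo() {
  const allowed = new Set([TOKEN]);
  const revoke = { to: TOKEN, value: "0x0", data: buildRevokeCalldata(SPENDER) };
  // transfer(address,uint256), selector a9059cbb: outside the agent's scope.
  const transfer = { ...revoke, data: "0xa9059cbb" + pad32(SPENDER) + pad32("0x1") };
  return { flagged: isUnlimitedApproval(sampleLog),
    revokeOk: isRevokeOnlyCall(revoke, allowed), transferOk: isRevokeOnlyCall(transfer, allowed) };
}
console.log(demo());
```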