In February 2025, a wallet controlled by no human executed 847 DeFi transactions across six protocols over 72 hours. It claimed Aave rewards, rebalanced between lending positions, harvested Uniswap fees, and bridged USDC between Arbitrum and Base — all autonomously, responding to real-time on-chain conditions. Total gas spent: $2.14. Value captured above a static strategy: $847.
This was an on-chain AI agent — a system combining a large language model for reasoning with an ERC-4337 smart contract wallet for execution. And it's just the beginning.
TL;DR: On-chain AI agents combine an LLM reasoning layer with a smart contract wallet (account abstraction) to autonomously execute DeFi strategies. They can monitor markets, make decisions, and sign transactions without human approval — operating as 24/7 autonomous portfolio managers.
The Architecture: How It Actually Works
On-Chain AI Agent Architecture
Prices, TVL, APYs
GPT-4o / Claude / Llama
Swap, Lend, Bridge
Logs, State changes
Goals + History
Signs & submits tx
The architecture has four key components:
- Perception Layer: Real-time data feeds from on-chain state (via indexers like The Graph), price oracles (Chainlink, Pyth), and off-chain APIs (CoinGecko, DeFiLlama)
- Reasoning Layer: An LLM that processes the data, evaluates options against defined goals, and produces structured action commands
- Memory Layer: Short-term context (recent transactions, current positions) and long-term strategy goals stored in a vector database or on-chain
- Execution Layer: An ERC-4337 account abstraction wallet that can batch transactions, pay gas in any token, and enforce spending limits
Why Account Abstraction Is the Missing Piece
Traditional crypto wallets (EOAs — Externally Owned Accounts) require a private key to sign every transaction. Giving an AI agent access to a private key creates obvious catastrophic risks — a compromised agent or hallucinating model could drain the entire wallet.
ERC-4337 account abstraction solves this by separating ownership from execution permissions. A smart contract wallet can be programmed with rules:
- Maximum spend per transaction ($500 cap)
- Whitelist of allowed protocols (only Aave, Uniswap, Morpho)
- Time-locks (no more than 3 transactions per hour)
- Token allowances (can only move USDC and ETH)
- Human veto: owner can pause the agent at any time
The agent operates within these guardrails autonomously. A human only needs to intervene if the agent attempts something outside its permitted scope — at which point the transaction is automatically rejected by the smart contract logic.
Real Use Cases Being Deployed Today
Yield Optimization
Monitors lending rates across Aave, Compound, Morpho, and Spark. Automatically moves capital to whichever protocol offers the highest risk-adjusted yield, factoring in gas costs and safety scores.
Portfolio Rebalancing
Maintains target allocations (e.g., 60% ETH, 30% BTC, 10% stablecoins). Rebalances when drift exceeds threshold, executing the minimum trades needed to restore target weights.
Reward Harvesting
Claims protocol emissions (AAVE, COMP, ARB, OP rewards) automatically, converts them to the base asset, and compounds back into the strategy — maximizing effective APY without manual intervention.
Liquidation Protection
Monitors lending positions and automatically adds collateral or reduces debt as positions approach liquidation thresholds — acting as an automated risk manager for leveraged strategies.
Cross-Chain Arbitrage
Detects yield or price discrepancies across chains, bridges capital, executes the opportunity, and bridges back — coordinating multi-chain transactions that would take a human minutes to execute manually.
Risk Management
Monitors protocol health scores, TVL changes, and security alerts. Automatically exits positions if a protocol shows signs of exploit risk — a 24/7 guardian for DeFi positions.
The Projects Building This Infrastructure
Several teams are racing to become the foundational layer for on-chain AI agents:
- Olas Network (OLAS) — The most mature on-chain agent framework; agents are deployed as separate autonomous services with their own wallets and on-chain registries
- Brian AI — Natural language to on-chain transaction conversion; users describe what they want in plain English, the AI constructs and executes the transaction
- Coinbase AgentKit — Open-source toolkit for building agents with MPC wallets; optimized for Base and the Coinbase ecosystem
- Giza / ARMA — Focuses on verifiable ML inference on-chain; proofs that the AI made a decision in a specific, auditable way
- Virtuals Protocol — Token-launched AI agents that manage their own treasuries and execute strategies autonomously
The endgame is an agent that manages your entire financial life on-chain — not just crypto, but eventually any tokenized asset. Set your goals, set your risk tolerance, and let cryptographically constrained AI do the rest. This is what financial sovereignty actually looks like.
— Bijan Shahrokhi, Coinbase AgentKit lead
The Risks: What Could Go Wrong
LLM Hallucination
A model that confidently produces wrong answers could execute catastrophically bad trades. Mitigation: strict output validation, simulation before execution, spending caps.
Prompt Injection
Malicious data in on-chain state or price feeds could manipulate agent decisions. Example: NFT metadata containing instructions to "send all ETH to attacker.eth." Mitigation: input sanitization, sandboxed data processing.
Smart Contract Risk
The agent's wallet contract itself could have vulnerabilities. Mitigation: use audited, battle-tested ERC-4337 implementations; avoid custom wallet logic.
Oracle Manipulation
If price feeds are manipulated, the agent could make decisions based on false data. Mitigation: use multiple independent oracles, implement sanity checks on extreme price movements.
Best Practice: Never give an AI agent unconstrained access to your full wallet. Always deploy with spending limits, protocol whitelists, and a human override mechanism. Start with small amounts and increase limits only after extensive testing and monitoring.
Verifiable AI: The Next Frontier
The most exciting frontier in on-chain AI agents isn't just automation — it's verifiability. Projects like Giza are working on ZK proofs of model inference: cryptographic proofs that an AI agent ran a specific model on specific inputs and produced a specific output. This would allow users to verify that their agent is actually running the strategy they signed up for, not a backdoored or modified version.
Combined with on-chain audit trails of every decision and transaction, verifiable AI agents represent the most transparent form of asset management ever created — more auditable than any human fund manager or black-box algorithmic trading system.
The Bottom Line
On-chain AI agents are moving from science fiction to production infrastructure in 2025. The convergence of capable LLMs, account abstraction wallets, real-time on-chain data, and DeFi composability creates conditions for a new class of autonomous financial agents that operate more efficiently than any human could manage manually.
The risks are real and need to be managed carefully. But for users willing to start conservatively — small amounts, strict limits, well-audited protocols — AI agents offer something genuinely new: financial automation that works for you 24/7, executing your strategy while you sleep.