Sponsor: MetaMask - Spend crypto anywhere online and AFK with 
MetaMask Card.
April marked the most hacks in crypto's history.
DefiLlama counted close to 30 onchain exploits and more than $625M stolen. Drift and 
KelpDAO accounted for most of the damage, but the smaller incidents mapped the range of the problem: lending pools, vaults, oracles, bridges, admin controls, all hit. The attack surface continues to expand.
The irony is that DeFi makes these events visible, providing us with hints of what’s to come in the onchain data. That only matters though if someone’s watching constantly. Humans can’t. Agents, on the other hand, can.
Defensive by Default
This is the most plausible thing agents do for DeFi right now. Not yield optimization. Not novel strategies. Defense. They can use the live data DeFi already provides and react to it around the clock, faster than a human can.
When liquidity in a pool deteriorates, an agent can pull funds. When utilization spikes past a threshold, allocation stops. When a coverage policy lapses, it can move out. When nothing on the screen looks safe, it can hold capital in cash and wait.
Zyfai exemplifies these abilities. The team reported its agents flagged the Aave/KelpDAO conditions early, rebalanced into safer pools, and kept capital unallocated when no pool cleared the screen. That's the company's own report, so apply the appropriate grain of salt. But the architecture they're describing, to watch live data and act inside predefined limits, is the right architecture. What makes it work is the permissioning underneath it, which means providing full wallet control is out of the question.
A proper defensive model would employ smart accounts, session keys, function-level approvals, spending caps, venue allowlists — all tools that companies are already offering agents (some of which I’ll detail below).
The Credential Problem
The defensive case extends offchain too, through a different attack surface.
Agents in DeFi need services to best interpret the stream of data available onchain. Vault data, risk feeds, route information, etc. Traditionally that means accounts, subscriptions, and API keys sitting somewhere in the stack.
Yet Vercel’s recent exploit, where a subset of users had their API keys exposed, reminded us of the dangers there. For an agent moving capital, depending on the API, exposure could mean corrupting the data the agent depends on, draining paid services, or handing an attacker the ability to shape what the agent does next.
x402 offers an alternative here. Instead of storing long-lived API keys for every service, an agent can discover a paid endpoint, pay for the response, and move on. One less credential to leak.
But that doesn’t solve the problem entirely. The question instead becomes which endpoint this agent is allowed to trust, what is it allowed to spend, and what should it do with the response it gets back.
In other words, x402 reduces the surface area for exploits, it doesn’t remove them.
The Defense Stack
Now for the tools you can employ with your agents to firm up their defenses. There are surely others worth tracking, but these are the ones I've been watching most closely.
First, to address endpoint trust, there's Zauth's Database: a real-time tracker for the agentic security platform that monitors which x402 endpoints are live, their historical reliability, per-call costs, and response times. You can pair it with Agentic Market’s featured list to discover first-party endpoints to have your agent call. With so many endpoints coming through unauthorized third parties, these tools are essential for making sure the data your agent relies on is trustworthy enough to determine your DeFi activity.
Spending control is the second. Ampersend, an agent management layer from the Edge & Node team behind The Graph, lets teams set budgets, define allowlists for services to access, and track audit logs across agent payment flows. While agents have drastically improved over recent months, they still run into issues which can be disastrous without the right constraints.
Vault risk is the third. I've written before about how vault risk profiles can be deceiving for the average DeFi user, or at minimum require reading the fine print. Vaults.fyi goes a long way toward fixing that. It standardizes yield data, payloads, and risk metrics across more than 1,000 vaults, all accessible through an x402 endpoint. A partnership with OpenCover, a vault insurance protocol, surfaces coverage data through the same endpoint. Tools like this let users decide which risk profiles they're willing to accept before handing capital off to an agent to monitor.
Together, this set of tools sets up the structures to ensure agents truly add value to using DeFi, rather than simply developing new areas of risk.
While AI may not be executing the hacks directly or running them end-to-end, the capability to discover weak points is operational, and operating at a speed that few, if any, human monitors can match.
If you're going to keep using DeFi, a tightly permissioned agent is the closest thing to a proxy you have. It watches the data stream, enforces the risk budget, and refuses to allocate when nothing clears the screen. x402 is part of why that's even feasible now, swapping out the API keys that can make agents a credential liability.
Set up right, an agent shrinks the surface area you have to defend. Set up wrong, it becomes another piece of it. The tools above help ensure agents do the first.
Tool spotlight: Payments giant Stripe just launched Link, a new wallet for AI agents focused on delegated spending with support for cards + stablecoins via Stripe and Tempo's rising MPP standard. Can it become a major bridge between agents and mainstream commerce? We'll see. Yet with Stripe's distribution advantages, it's certainly got a shot.
What else is new...
Nansen Agent is now deployed on Virtuals and offers onchain analytics for as low as $0.10 a query- Michael Blau created DripStack, a chat UI for surfing premium financial newsletters that pays the source writers via x402 or MPP
- Figure31 unveiled SPRAWL, a collaborative writing app for agents and humans featuring onchain collectibles
Plus, this week's headlines...
🤖 News
Circle — Unveiled a multichain payments gateway centered around USDC nanopayments for agents
Coinbase — Added 
Polygon and Solana support to its Agentic Wallet suite- DX Terminal — Published a paper on its DX Terminal Pro findings re: operating layer controls for onchain agents
- Megapot — Launched x402 access to its lottery for agents, letting them "play" Megapot on Base.
- Moonpay — Rolled out the MoonAgents Card, a virtual Mastercard system that lets agents spend with stablecoins
- OKX — Introduced the Agent Payments Protocol (APP), a system for facilitating agent-to-agent interactions
- 🔥 Parallel — Natively integrated x402 payments, letting users conduct research via its endpoint
- Rye — Integrated x402 into its Universal Checkout API via AgentCash, letting agents buy across 15,000+ merchant sites with USDC on Base, Solana, and Tempo.
- 🔥 Stripe — Launched Link wallets for user-approved agent payments and streaming payments, letting AI companies track token usage and collect stablecoin micropayments in real time via Tempo.
- USD.AI — Launched $sCHIP staking, letting $CHIP holders earn 10x Allo points based on the dollar value staked.
- Venice — Lowered its yearly token emissions from 6M to 5M, with plans to bring this down to 3M by July 1st
📚 Reads
- 🔥 Rachel Park — The Brave New World of AI Markets
- Michael J. Cohen — The Compute Credit Spread
- Julian Dumebi Duru — Who Gets Paid When Machines Can Think?
- B3 — The Future of Automation
Spend crypto online or IRL directly from your crypto wallet at over 150 million merchants worldwide—anywhere Mastercard is accepted. This is how you offramp: 3% cashback, zero foreign transaction fees, and exclusive benefits. Keep full custody of your funds until the moment you pay. Get the MetaMask Virtual Card now, free.
