AI Agents Handling Crypto Wallets Need Human-Controlled Signing, Developer Argues

·1 views

A February 2026 incident involving an AI agent called Owockibot, which leaked its own hot wallet private keys, highlighted the risks of giving autonomous agents direct control over funds. With IBM and Salesforce projecting over a billion AI agents operational by end of 2026, concerns are growing about agents that can hold assets and sign transactions without human approval. A developer has proposed a design pattern separating an agent's decision-making from its ability to authorize transactions, ensuring the cryptographic signing step remains mechanically out of the agent's reach. Under this model, an agent can evaluate options and propose transactions, but a human must provide confirmation through a separate, agent-inaccessible channel before any funds move. The approach is intended to prevent compromised or misbehaving agents from self-authorizing actions, making the system fail closed rather than open when confirmation is absent.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

New Databricks Tool Bars LLMs from Doing Cost Arithmetic to Prevent Financial Errors

A developer has released a cost-analysis tool called databricks-cost-leak-hunter, part of the databricks-pack v2 rebuild on the claude-code-plugins marketplace, designed to identify spending inefficiencies in Databricks workspaces. The tool's core design principle is that the AI model is architecturally prevented from performing any dollar calculations itself, as LLM-generated financial figures can be plausibly wrong while appearing credible and well-formatted. Instead, all monetary values are derived directly from the customer's own billing tables by joining system.billing.usage with system.billing.list_prices via SQL, ensuring figures reflect what Databricks actually charged. The skill also includes a fail-fast permission check that halts execution and returns precise remediation steps if the required data access grants are missing. The tool received a grade of B (88/100) from the marketplace validator with zero errors reported.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

What Hiring Managers Really Evaluate in the First Call After Your CV Clears

When a CV passes initial screening, many developers prepare heavily for technical questions, but the first call typically focuses more on communication style and collaboration fit than coding ability. Engineering leads use this conversation to assess whether a candidate can explain decisions clearly, handle ambiguity, and understand how remote contractor work operates. Candidates often lose ground not on technical skills but on rhythm — either over-preparing rehearsed answers or failing to engage in a natural, two-way dialogue. Reassuring interviewers about timezone availability tends to backfire, as remote teams prefer hearing concrete examples of how a candidate has managed asynchronous work in the past. The strongest calls feel like a mutual problem-solving conversation, where the candidate asks informed questions and treats the exchange as a two-way assessment rather than a one-sided test.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Solo Developer Uses Browser LocalStorage to Power Tag System in Chrome Extension

A solo developer building a Chrome extension called Tab Reminder encountered challenges managing user-scheduled tabs with a simple key-value storage approach. To address this, they implemented a tag-based categorization system using the browser's localStorage API, linking user-defined tags to specific tabs. The solution relied on a combination of JavaScript arrays and objects to enable efficient querying and updating of stored data. This approach allowed users to better organize and prioritize their scheduled tabs within the extension. The developer shared the experience as a practical lesson in thoughtful data management, even for small utility tools.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer builds browser-only JSON toolkit using WebGPU to keep data private

A developer created JSONForge, a browser-based JSON toolkit that processes all data locally without sending it to any server, addressing privacy concerns around widely used online JSON formatters. The tool leverages WebGPU to offload heavy parsing, formatting, and diffing tasks to the GPU, keeping the browser responsive even with large files. JSONForge includes features such as visual diff comparison, real-time schema validation, and an in-browser schema inference engine powered by a small local model. Because no network requests are made for core functionality, the tool works fully offline, making it usable in low-connectivity environments. The developer released it as a paid product to ensure long-term sustainability.

0 comments Read more at DEV Community