$3.35 billion "Account Tax": When EOAs become systemic costs, what can AA bring to Web3?


In 2025, the Web3 world is not lacking grand narratives, especially as regulatory shifts are completed and stablecoins are gradually integrated into the TradFi system. Discussions around “compliance,” “mainstream adoption,” and “the next phase of order reconstruction” have almost become the main theme of the year (see extended reading: “2025 Global Crypto Regulatory Map: The Beginning of the Mainstreaming Era, a Year of Crypto and TradFi ‘Convergence’”).

However, behind these seemingly high-level structural changes, a more fundamental yet long-overlooked issue is emerging: the accounts themselves are becoming a systemic risk source for the entire industry.

Recently, CertiK released a security report with a striking figure: in 2025, there were 630 security incidents across Web3, with total losses of approximately $3.35 billion. If we only look at this total, it might just be another annual recitation of the severe security situation. But when breaking down the incident types, a more alarming trend emerges:

A significant portion of losses did not stem from complex smart contract vulnerabilities or protocol breaches but occurred at a more primitive and unsettling level—phishing attacks. There were 248 phishing-related incidents throughout the year, causing about $723 million in losses, slightly exceeding the number of code vulnerability attacks (240 incidents, approximately $555 million).

In other words, in many user loss cases, the blockchain itself did not malfunction, cryptography was not broken, and transactions fully complied with the rules.

The real problem lies with the accounts themselves.

  1. EOAs are becoming Web3’s “historical problem”

Objectively, whether in Web2 or Web3, phishing has always been the most common way for users to lose funds.

The difference is that, in Web3, the introduction of smart contracts and irreversible execution mechanisms often leads to more extreme outcomes when such risks materialize. To understand this, we must return to the most basic and core account model in Web3: the EOA (Externally Owned Account).

Its design logic is extremely pure: the private key represents ownership, signatures represent intent. Whoever controls the private key has full control over the account. This model was revolutionary in early stages, bypassing custodians and intermediaries, directly returning asset sovereignty to individuals.

But this design also implicitly relies on a highly radical premise: that users will not fall for phishing, will not make operational errors, and will not make poor judgments under fatigue, anxiety, or time pressure. As long as a transaction is signed, it is regarded as a true expression of the user’s intent, fully understood.

But reality is far from this ideal.

The frequent security incidents in 2025 are direct results of this assumption being repeatedly broken. Whether induced to sign malicious transactions or completing transfers without thorough verification, the commonality is not technical complexity but the account model’s lack of tolerance for human cognitive limitations (see extended reading: “From EOA to Account Abstraction: Will the Next Leap in Web3 Happen at the ‘Account System’?”).

A typical scenario is the long-standing approval authorization mechanism on-chain. When a user authorizes an address, it essentially allows that address to transfer assets from the user’s account without further confirmation. Logically, this design is efficient and straightforward; but in practice, it often becomes the starting point for phishing and asset draining.

Consider the recent $50 million address poisoning incident. The attacker did not attempt to breach the system but instead created a “similar address” whose first and last characters closely matched those of the intended recipient, luring the user into a hurried transfer. The flaw of the EOA model is exposed here: it is very difficult for anyone to verify, in a very short time, whether a long string of characters that carries no semantic meaning is correct.

Ultimately, the underlying logic of the EOA model determines that it does not care whether you are deceived; it only cares whether you “signed.”

This is why successful address poisoning cases have repeatedly made headlines in recent years. Attackers don’t need to perform resource-intensive 51% attacks; they only need to create a sufficiently similar address for poisoning and wait for careless users to copy, paste, and confirm.

After all, EOAs cannot determine whether an address has never interacted before, nor can they recognize if an operation significantly deviates from historical behavior. To the system, it’s just a legitimate, valid transaction instruction that must be executed. A long-neglected paradox thus becomes unavoidable: Web3 is cryptographically secure but extremely fragile at the account level.
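To make the missing buffer concrete, here is an added example (not from the article or from any wallet vendor) of the pre-send checks a wallet can run on the client side before asking for a signature: a first-interaction flag, a prefix/suffix similarity test against known counterparties for the address-poisoning pattern described above, and a deviation check against the account's own transfer history. The history and addresses are constructed sample values, not real on-chain data.

```python
# Wallet-side pre-send checks that the EOA model itself never performs.
# Added example; addresses and history are constructed, not real.
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Transfer:
    to: str        # recipient address, 0x-prefixed hex
    amount: float  # token amount


# Constructed history: a few routine payments to one known counterparty.
HISTORY = [
    Transfer("0xA1B2c3d4E5f6A7B8c9D0e1F2a3B4c5D6e7F8A9b0", 120.0),
    Transfer("0xA1B2c3d4E5f6A7B8c9D0e1F2a3B4c5D6e7F8A9b0", 95.0),
    Transfer("0xA1B2c3d4E5f6A7B8c9D0e1F2a3B4c5D6e7F8A9b0", 110.0),
]


def looks_like_poisoned(candidate: str, known: str, edge: int = 4) -> bool:
    """True if candidate is NOT the known address but shares its first and
    last `edge` hex characters: the "similar address" pattern the article
    describes, which is exactly what a hurried visual check compares."""
    c, k = candidate.lower(), known.lower()
    if c == k or len(c) != len(k):
        return False
    return c[:2 + edge] == k[:2 + edge] and c[-edge:] == k[-edge:]


def pre_send_warnings(to: str, amount: float, history: list[Transfer],
                      deviation_factor: float = 5.0) -> list[str]:
    """Return the warnings a wallet should surface; empty means nothing unusual."""
    warnings = []
    seen = {t.to.lower() for t in history}
    if to.lower() not in seen:
        warnings.append("first interaction with this address")
        # Only an unseen address can be a look-alike of a seen one.
        if any(looks_like_poisoned(to, known) for known in seen):
            warnings.append("address resembles a known counterparty "
                            "(possible address poisoning)")
    if history:
        typical = mean(t.amount for t in history)
        if amount > deviation_factor * typical:
            warnings.append(f"amount is {amount / typical:.1f}x the historical average")
    return warnings
```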

From this perspective, the $3.35 billion industry loss in 2025 cannot simply be attributed to “users being careless” or “hacker techniques improving.” Instead, it signals that once account models are scaled to real financial levels, their historical liabilities begin to surface.

  2. The inevitable future of AA: Systematic correction of Web3 account systems

When large losses occur within a system that is “operating strictly according to the rules,” it is itself a major problem.

For example, CertiK’s statistics show that phishing attacks, address poisoning, malicious authorization, and mis-signing incidents all share a common premise: the transactions are legitimate, signatures are valid, and execution is irreversible. They do not violate consensus rules, nor do they trigger abnormal states; they look perfectly normal even in block explorers.

From a systemic perspective, these are not attacks but correct execution of user instructions.

Fundamentally, the EOA model compresses “identity,” “permissions,” and “risk bearing” into a single private key. Once signed, identity is confirmed, permissions are granted, and risk is borne irrevocably. This extreme simplification offers efficiency advantages in early stages, but as asset scales, participant numbers, and use cases grow, it reveals clear systemic flaws.

Especially as Web3 gradually shifts into high-frequency, cross-protocol, long-term online usage, accounts are no longer just cold wallets for occasional operations but are responsible for payments, authorizations, interactions, and settlements. Under these conditions, the assumption that “every signature represents a fully rational decision” becomes increasingly untenable.

From this angle, address poisoning continues to succeed not because attackers are smarter, but because the account model offers no buffer for human errors—systems do not ask whether this is a never-before-interacted address, do not judge whether the amount significantly deviates from historical behavior, nor do they trigger delays or secondary confirmations for abnormal operations. For EOAs, as long as the signature is valid, the transaction must be executed.

In fact, traditional finance has long provided answers: transfer limits, cooling-off periods, freeze mechanisms, permission hierarchies, and revocable authorizations all acknowledge a simple but realistic fact—humans are not always rational, and account design must leave room for error.

It is in this context that Account Abstraction (AA) begins to reveal its true historical significance. It is more like a redefinition of the essence of accounts, aiming to transform accounts from passive signature execution tools into entities capable of managing intent.

The core is that under AA logic, accounts are no longer just tied to a private key; they can have multiple verification paths, set differentiated permissions for different operation types, delay execution in case of abnormal behavior, and even regain control under certain conditions.

This is not a departure from decentralization but a correction for its sustainability. True self-custody does not mean users must bear permanent consequences for a single mistake; instead, it means accounts have built-in error prevention and self-protection capabilities without relying on centralized custody.

  3. What can the evolution of accounts bring to Web3?

I have repeatedly emphasized: “Behind every successful scam, there is a user who stops using Web3. Without new users, the Web3 ecosystem has nowhere to go.”

From this perspective, security agencies, wallet products, and other industry builders can no longer treat “user misoperation” as individual negligence. Instead, they must shoulder the systemic responsibility to make the entire account system sufficiently secure, understandable, and tolerant in real-world use.

Therefore, the historic role of AA is precisely here. In short, AA is not just a technical upgrade but a systemic adjustment of security logic.

This change first manifests in loosening the relationship between accounts and private keys. For a long time, mnemonics have been regarded as the passport to Web3 self-custody, but reality repeatedly proves that this single-point key management approach is not user-friendly for most ordinary users. AA introduces mechanisms like social recovery, making accounts less tightly bound to a single private key. Users can set multiple trusted guardians, and if a device is lost or a private key becomes invalid, they can recover control through verification.

When AA is further combined with Passkeys, we can build a system that closely resembles users’ intuitive understanding of account security in traditional finance (see extended reading: “Web3 Without Mnemonics: AA × Passkey, How to Define the Next Decade of Crypto?”).

Equally important is AA’s redefinition of transaction friction. Under traditional EOA systems, gas fees are an implicit barrier to all on-chain operations. AA, through mechanisms like Paymaster, allows third parties to pay transaction fees, or lets users pay those fees directly in stablecoins.

This means users no longer need to prepare a small amount of native tokens for transfers, nor do they need to understand complex gas logic. Objectively, this seamless gas experience is not just a luxury but a key condition for Web3 to break out of the early user circle.

Furthermore, AA accounts leverage smart contract native capabilities to bundle multi-step operations into atomic executions. For example, DEX transactions that previously required approval, signing, trading, and re-signing can now be completed in a single transaction—either all succeed or all fail—saving costs and avoiding invalid losses caused by mid-process failures.

Deeper changes are reflected in the flexibility of account permissions. AA accounts are no longer binary—“full control” or “completely out of control”—but can have fine-grained permission management similar to bank accounts. Different amounts can require different verification strengths; different counterparties can have different interaction permissions; even blacklists and whitelists can restrict interactions to specific secure contracts.

This means that even if private keys are leaked in extreme cases, the account still has buffers, preventing assets from being fully drained in a short period.
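As an added example (not from the article or from any AA implementation), the following policy engine sketches what such tiered permissions look like once written down: verification strength scales with the amount, interactions are limited to an allowlist, blocklisted targets are refused, and spending beyond a daily limit is delayed rather than executed. The addresses, limits and factor names in the sample policy are constructed placeholders.

```python
# Account-level policy an AA account can enforce before a transaction executes.
# Added example; the sample policy below is constructed, not a real deployment.
from dataclasses import dataclass, field


@dataclass
class Policy:
    allowlist: set[str]                  # only these targets may be called
    blocklist: set[str]                  # never these, whoever signs
    tiers: list[tuple[float, set[str]]]  # (max amount, factors that must sign)
    daily_limit: float                   # spend above this is delayed, not refused
    delay_seconds: int                   # length of the cooling-off period


@dataclass
class Decision:
    action: str                          # "execute", "delay" or "reject"
    required: set[str] = field(default_factory=set)
    reason: str = ""


def evaluate(policy, target, amount, spent_today, presented):
    """Decide what the account does with a transfer request.
    `presented` is the set of verification factors that signed it."""
    t = target.lower()
    if t in {a.lower() for a in policy.blocklist}:
        return Decision("reject", reason="target is blocklisted")
    if t not in {a.lower() for a in policy.allowlist}:
        return Decision("reject", reason="target is not on the allowlist")
    required = next((f for lim, f in policy.tiers if amount <= lim), None)
    if required is None:
        return Decision("reject", reason="amount above every configured tier")
    missing = required - presented
    if missing:
        # A leaked passkey alone cannot move large amounts: what is missing is a
        # factor the leaked key does not have (hardware key, guardian).
        return Decision("reject", required=missing, reason="missing verification factors")
    if spent_today + amount > policy.daily_limit:
        # Cooling-off period instead of immediate, irreversible execution.
        return Decision("delay", required=required,
                        reason=f"daily limit exceeded; queued for {policy.delay_seconds}s")
    return Decision("execute", required=required)


# Constructed sample policy (placeholder addresses, not real accounts).
EXCHANGE = "0x1111111111111111111111111111111111111111"
FRIEND = "0x2222222222222222222222222222222222222222"
BLOCKED = "0x3333333333333333333333333333333333333333"
SAMPLE_POLICY = Policy(
    allowlist={EXCHANGE, FRIEND}, blocklist={BLOCKED},
    tiers=[(100.0, {"passkey"}), (5000.0, {"passkey", "hardware_key"}),
           (float("inf"), {"passkey", "hardware_key", "guardian"})],
    daily_limit=2000.0, delay_seconds=86400,
)
```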

Of course, the evolution of account security does not rely solely on the full implementation of AA accounts. Existing wallet products can and should also bear part of the correction of the EOA model.

For example, imToken’s address book feature saves trusted addresses, so that when transferring, the account no longer relies solely on users’ immediate judgment of a hash string but prioritizes addresses from the existing address book, significantly reducing transfer risks caused by manual copying, pasting, or misjudging similar addresses.

Equally important is the industry consensus in recent years: the “What You See Is What You Sign” principle. Its core is not about showing more information but ensuring that what users sign matches what they see, understand, and expect, rather than being compressed into an incomprehensible hash.

Based on this principle, imToken structures and visualizes signing content in key steps—login, transfer, token swap, authorization—so users can truly understand what they are agreeing to before confirming. This design does not change the irreversibility of transactions but introduces a necessary rational buffer before signing, an essential step toward mature account systems.

From a macro perspective, the evolution of AA accounts is about reshaping the foundational assumptions for Web3’s next stage. Only then can the chain truly support large-scale real user adoption. Otherwise, no matter how complex the protocol or how grand the narrative, the fundamental question remains: are ordinary users willing to keep assets on-chain long-term?

In this sense, AA is not just a bonus for Web3 but a pass/fail line. It does not determine user experience quality but whether Web3 can evolve from an experimental system mainly for tech enthusiasts into an inclusive financial infrastructure for a broader population.

Final words

$3.35 billion is essentially the tuition paid by the entire industry in 2025.

This also reminds us that when the industry discusses compliance, institutional interfaces, and mainstream capital entry, if Web3 accounts still remain in the “sign/authorize once and reset” state, then the so-called financial infrastructure is built on sand.

The real question may not be “Will AA become mainstream?” but rather—if accounts do not evolve, how much future can Web3 truly carry?

This may be the most valuable security lesson that 2025 leaves for the entire industry to repeatedly ponder.
