LUXBIN Shield

Inspiration

In 2020, I lost access to my first crypto wallet. A scam email is what got me curious about how any of this actually worked. I didn't know what an API was. I
definitely didn't know what a drainer bot was.

I learned the hard way — and so has everyone else. Over $3 billion is lost to wallet drainers and phishing attacks every year. The attack pattern is brutally simple: a bot watches a compromised address on the mempool, and the moment any ETH lands, it sweeps everything out — often in under 3 seconds.

I built the original drainer rescue tool because I needed it to exist. LUXBIN Shield is that tool, now upgraded with the AI layer it always needed.

## What It Does

LUXBIN Shield is a three-layer wallet security platform:

Layer 1 — Blockchain Analysis Scans the compromised wallet for ETH, ERC-20 tokens, NFTs, and active approvals. Runs transaction history through a drainer detection algorithm that identifies deposit-sweep patterns. A wallet with a bot sweeping within $t$ seconds of each deposit, where:

$$t \leq 30 \text{ seconds}$$

is flagged as HIGH RISK and triggers Flashbots Atomic Bundle mode automatically.

Layer 2 — AI Threat Intelligence (You.com) Every scan feeds into the You.com RAG API, which performs real-time web search to generate risk-matched rescue recommendations — pulling from live Flashbots documentation, known drainer destinations, and current security research. Not generic advice. Advice calibrated to your specific sweep count, bot gas estimate, and destination address.

Layer 3 — Voice Briefing (Deepgram) Once the threat level is determined, Deepgram's Aura voice delivers an audio briefing. Because when a drainer bot is active, you shouldn't be reading — you should be acting. Falls back to browser Web Speech API so it works everywhere.

## How I Built It

The existing rescue engine was already real — ethers.js talking directly to the blockchain, Flashbots for private mempool submission, atomic bundles where the funding transaction and rescue transaction execute in the same block.

For the hackathon I built the AI layer on top:

/api/threat-intel — Next.js server route that takes the wallet's risk profile and queries You.com's RAG endpoint. The query is dynamically constructed based on risk level, sweep patterns, and bot destination so the AI context is always relevant.
/api/voice — Deepgram TTS route using the aura-asteria-en model. Takes a dynamically generated alert script based on the actual threat data and returns audio/mpeg.
AIShieldPanel — React component that auto-fetches threat intel when a scan completes, renders the AI analysis with live web sources, and exposes a one-click voice alert button.

Everything is 100% client-side for the sensitive parts — private keys never leave the browser, never touch a server. The AI routes are stateless proxies with no logging.

## Challenges

The timing problem is the core technical challenge of the entire product. A drainer bot's advantage is speed. The rescue strategy depends on calculating whether your priority fee $p$ satisfies:

$$p > p_{\text{bot}} \times 1.5$$

where $p_{\text{bot}}$ is estimated from the bot's historical gas usage. Get it wrong and the bot front-runs you. The drainer detector reverse-engineers this from Etherscan transaction history.

Atomic bundles were the hardest part to get right. A standard Flashbots bundle needs to predict the exact block, calculate gas precisely, and sign two transactions from two different wallets atomically. If either transaction reverts, the whole bundle drops silently — no error, no gas spent, nothing. Debugging silence is hard.

The AI context problem — generic threat intel is useless. "Be careful of drainers" helps no one. The You.com integration required carefully constructing queries that encode the specific threat signature so the AI response is actually actionable for that wallet's situation.

Building this alone, overnight, as a disabled self-taught developer and mother of four — that's always the hardest part. And the most motivating.

## What I Learned

You.com's RAG API is genuinely impressive for security use cases — the real-time web search means it surfaces current exploit patterns and Flashbots docs that a static model would miss. Deepgram's latency is fast enough to feel instantaneous even for paragraph-length alerts.

The deeper lesson is one I keep relearning: the best security tools are the ones people will actually use under pressure. That's why the voice alert matters. When your wallet is being drained, a calm AI voice telling you exactly what to do next is worth more than any dashboard.

## What's Next

LUXBIN Shield is part of a larger ecosystem. The quantum-resistant cryptography layer from quantum-wallet-security will eventually replace the classical signature schemes here — because the drainer bots of 2030 won't be racing you on gas fees. They'll be breaking your keys.

We're building for that future now.

What it does

How we built it

Challenges we ran into

Accomplishments that we're proud of

What we learned

What's next for LUXBIN Shield

Built With

api
css
deepgram
ethers.js
flashbots
next.js
node.js
react
tailwind
typescript
vercel
you.com

Updates

Nichole Christie started this project — Feb 19, 2026 02:44 PM EST

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.