Ask most AI assistants about your transaction and they will autocomplete an answer. The chain is right there. Read it.
A general-purpose model answers from training data. It learned a snapshot of text and it responds by predicting a plausible continuation. Ask it about a specific transaction hash or a specific contract address and it will produce something fluent and confident. It has no live view of the chain. It is autocompleting an answer that looks right.
In most domains, a confident wrong answer is an awkward correction. In crypto it is a drained wallet. That asymmetry is the entire reason I built TxDesk the way I did. When the cost of a wrong answer is your money, the model cannot be the source of truth. The chain has to be.
So here is what "reading the chain" actually means inside TxDesk, concretely.
When you ask about a transaction, it fetches that transaction from the chain's own RPC and block-explorer data, resolves the contract's interface, and decodes the real thing: the function that was called, the parameters it was called with, the events it emitted such as transfers and approvals. On EVM chains, if the transaction failed, it re-simulates the call to recover the actual revert reason when that revert still reproduces against current state. It is not describing how transactions like yours usually go. It is reading yours.
When you ask about an approval, it does not recite how token approvals work in general. It reads your wallet's current on-chain allowance for that token and that spender, right now, and re-checks it so it will not report an approval you already revoked. If the allowance is large enough to be effectively infinite, it says so, because an unlimited approval means the spender can move that token until you revoke it.
When you ask about a contract, it pulls structured signals: whether the contract is verified on the explorer, how old it is, whether it is a proxy. The model's job is to explain that data in plain language, not to remember facts about the world.
The part I care most about is the honest boundary. A tool like this earns trust by being explicit about the edge of what it actually pulled. "Here is what I can see on-chain, and here is what I cannot verify" beats a smooth answer that hides the seam. That shows up in two concrete ways.
First, it does not treat the chain's free text as proof of anything. A token's symbol, a contract's name, a transfer memo, a spender's label: every one of those is a string chosen by whoever deployed the contract or crafted the transaction. An attacker can name their contract "Safe Router" or issue a token whose symbol reads "verified airdrop." So none of those fields are ever used as safety or verification evidence. A name that claims to be trusted is treated as an unverified assertion by an untrusted party, because that is precisely what it is. Safety calls are based only on structured signals: the explorer's verification flag, on-chain age, computed risk factors. A label cannot talk the tool out of a warning, and an attacker cannot lower their own risk score by relabeling their spender.
Second, when it cannot read the data, it says so, instead of filling the gap. If the underlying read fails, it tells you it cannot check right now. It does not return an empty result that quietly implies you are clean. On one chain where approval data can come from two different sources, if both are unreachable the answer is an explicit "unknown," never a falsely reassuring "no approvals found." A blank is not a clean bill of health, and the tool refuses to let it read like one.
There are two ways to be wrong in this category of product. One is an assistant that does support but cannot read a chain, so it is friendly and uninformed. The other is a generic agent that reads nothing and guesses, so it is confident and uninformed. I built TxDesk to do the opposite of both: read first, then talk. It is read-only with respect to your funds, it never holds a key, and it works across more than forty chains. But the read-first part is the whole point.
In a domain where a confident wrong answer costs you your wallet, the model should not be the thing you trust. The chain should. The model's job is to read it to you, and to be honest about the edges of what it could see.
Top comments (0)