tapioca.money
An AI that moves real money between crypto protocols to optimize yield — with safety brakes and a preview of every move before making it.
- Next.js 15 · React 19
- Privy · ZeroDev SDK v5
- Viem v2 · Base mainnet
- Drizzle ORM + Neon Postgres
- Redis — rate limiting, distributed locks
- Vitest + fast-check
BUSL 1.0 → Apache 2.0 (2029-02-09)
Summary — for non-technical readers
An AI that moves real money between crypto platforms to optimize what the user earns — without the user having to babysit it every day.
We built the safety brakes: the AI can only touch the money the user authorizes (like a credit card with a daily limit), previews every move before making it real, and leaves a visible history of every decision. The user can revoke access at any moment, without calling support.
The key question wasn’t “how do we make the AI earn more?” — it was “what happens when it gets it wrong, and how big can the damage get?” The architecture answers that question first.
The diagnosis
“An AI that moves user funds between crypto platforms has to answer one question before any other: when this goes wrong, how big can the damage get?”
Yield optimization is an ideal case for AI — platforms publish their rates, the work is repetitive, and users don’t want to babysit it every day. But handing an AI the keys to user money is the problem. Generic “how to build autonomous AI” tutorials skip the part where the AI touches money that doesn’t belong to it.
What we structured
Limited permissions — the AI doesn’t get general access, but a narrow, controlled slice:
- Permissions by type, amount, and time — the AI can only move certain currencies, up to a certain limit, and the permissions expire automatically after 7 days
- A short list of what it can touch — a single document defines exactly which currencies the AI can work with and under what ceilings
- Preview before applying — every AI move is tested first (without touching real money) and only executes if it passes the test
- Revocable in one click — the user can cut off the AI’s permissions from the interface, without calling support
- Secure storage — strong encryption for the keys · usage controls · locks that prevent the system from running twice at the same time
The AI doesn’t “have access to the wallet.” It has access to a narrow, expiring, preview-tested, rate-limited, revocable slice of it — and the document that defines that slice is something anyone can read.
What we shipped
- Automatic optimization across multiple currencies — the AI distributes user money across several crypto platforms looking for better returns
- Works with any wallet type — both the product’s built-in wallets and external ones the user already has (MetaMask, Coinbase)
- The user doesn’t pay network fees — the system covers the technical costs underneath
- Automated daily work — the AI reviews and rebalances every day, in small batches, with a health panel that reports whether everything is going well
- Full visible history — the user sees every action the AI takes, not just the final result
- Designed with taste — a crypto product that doesn’t look like a Wall Street terminal
Technical evidence
For readers with a technical background, here’s how it’s built underneath:
- ZeroDev Kernel V3 session keys — scoped per token, with per-asset approve/transfer caps and 7-day expiry
- SUPPORTED_TOKENS registry — the single artifact that defines what the agent is allowed to touch (USDC, WETH, cbBTC, EURC) and under what ceilings
- On-chain simulation before every agent transaction, before it’s sponsored
- Dual wallet path — EIP-7702 for Privy embedded wallets, ERC-4337 for external wallets, with a feature flag for graceful fallback
- Gasless UX — Bundler + Paymaster sponsor every user operation
- Daily cron — 50 users per batch, concurrency 10, with a /api/agent/health endpoint reporting DB, bundler, vault, and agent-metrics status
- AES-256-GCM encryption for session key storage · Redis-backed rate limits · distributed locks for cron safety
- Protocols covered on Base mainnet — Morpho, YO Protocol, Aave, Moonwell
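As an added illustration (not Tapioca's code), the sketch below shows a fail-closed check of a proposed agent action against a token registry with per-asset approve/transfer ceilings and a 7-day grant. The registry shape, all names, the placeholder addresses, the ceiling values and the cumulative-cap rule are assumptions.

```typescript
// Added example: registry shape, names and ceilings are hypothetical, not Tapioca's code.
type Action = "approve" | "transfer";
interface TokenPolicy { symbol: string; caps: Record<Action, bigint> } // caps in token base units
interface Grant { grantedAt: number; revoked: boolean; spent: Map<string, bigint> }
interface Proposal { token: string; action: string; amount: bigint; at: number }
interface Verdict { ok: boolean; reason?: string }

const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000; // 7-day expiry, the figure the page states

// Constructed registry: addresses are placeholders and ceilings are invented for the demo.
const REGISTRY = new Map<string, TokenPolicy>([
  ["0x0000000000000000000000000000000000000001", // USDC, 6 decimals
    { symbol: "USDC", caps: { approve: 1000000000n, transfer: 500000000n } }],
  ["0x0000000000000000000000000000000000000002", // WETH, 18 decimals
    { symbol: "WETH", caps: { approve: 100000000000000000n, transfer: 50000000000000000n } }],
]);

const deny = (reason: string): Verdict => ({ ok: false, reason });

// Fail closed: anything not explicitly allowed by the registry and the grant is refused.
function authorize(p: Proposal, g: Grant): Verdict {
  if (g.revoked) return deny("grant revoked");
  if (p.at < g.grantedAt || p.at - g.grantedAt >= SESSION_TTL_MS) return deny("grant expired");
  const token = p.token.toLowerCase();
  const policy = REGISTRY.get(token);
  if (!policy) return deny("token not in registry");
  const action = p.action;
  if (action !== "approve" && action !== "transfer") return deny("action not permitted");
  if (p.amount <= 0n) return deny("amount must be positive");
  // Assumption: ceilings are cumulative over the grant's lifetime, per token and action.
  const key = `${token}:${action}`;
  const used = g.spent.get(key) ?? 0n;
  if (used + p.amount > policy.caps[action]) return deny(`${policy.symbol} ${action} cap exceeded`);
  g.spent.set(key, used + p.amount); // counted only after every check has passed
  return { ok: true };
}
```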
What this proves
Autonomous AIs don’t fail because they’re dumb. They fail because the boundary of what they can and can’t do was never written down. Tapioca’s permissions registry and preview-before-execute step are what “AI in real use with money on the line” actually means.