The Problem Per-Transaction Limits Cannot Solve

An agent vault with a 1 ETH per-transaction cap and 5 ETH daily limit can be drained of 38 ETH over 10 days. The attacker sends 8 transfers of 0.95 ETH, spaced 28 hours apart. Every transfer passes the policy check. The drain is invisible at the transaction level.

This is the patient drain attack. Traditional rate limits catch burst attacks. They miss patient attackers entirely.

Five Behavioral Signals

1. Cap Clustering (weight 35): 80%+ of transactions near the spending cap is not normal. Attackers maximize per-transaction extraction by clustering near the cap.

2. Temporal Regularity (weight 25): Constant intervals suggest automated draining rather than real business payments.

3. Destination Concentration (weight 20): Legitimate spending goes to multiple recipients. Draining concentrates on a single address.

4. Cumulative Drain Percentage (weight 40): Total extracted as a fraction of vault capacity over a rolling 72-hour window, rather than whether each transfer was allowed individually.

5. Velocity Spike (weight 30): Sudden increase in transaction rate from a vault with established normal patterns.
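
An added example (not the Agent Vault project's own code) that scores a vault's transfer history with the five weights listed above. The 80% cap-clustering share and the 72-hour window come from the text; every other threshold, the cap of the total at 100, the 38 ETH vault balance used in the usage line, and the sample transfers are assumptions.

```python
from statistics import mean, pstdev

# Weights are the ones listed above; thresholds are assumptions unless noted.
WEIGHTS = {"cap_clustering": 35, "temporal_regularity": 25,
           "destination_concentration": 20, "cumulative_drain": 40,
           "velocity_spike": 30}

def score_vault(txs, cap_eth, vault_eth):
    """txs: list of (hour_offset, amount_eth, destination), sorted by time."""
    if len(txs) < 4:                      # too little history to judge behaviour
        return 0, []
    hours = [t[0] for t in txs]
    amounts = [t[1] for t in txs]
    gaps = [b - a for a, b in zip(hours, hours[1:])]
    fired = []
    # 1. Cap clustering: 80%+ of transfers within 10% of the cap (10% assumed).
    if sum(a >= 0.9 * cap_eth for a in amounts) / len(amounts) >= 0.8:
        fired.append("cap_clustering")
    # 2. Temporal regularity: coefficient of variation of gaps under 0.1 (assumed).
    if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) < 0.1:
        fired.append("temporal_regularity")
    # 3. Destination concentration: one address gets 80%+ of transfers (assumed).
    dests = [t[2] for t in txs]
    if max(dests.count(d) for d in set(dests)) / len(dests) >= 0.8:
        fired.append("destination_concentration")
    # 4. Cumulative drain: worst rolling 72 h window takes 25%+ of vault (assumed).
    worst = max(sum(a for h, a, _ in txs if s <= h < s + 72) for s in hours)
    if worst / vault_eth >= 0.25:
        fired.append("cumulative_drain")
    # 5. Velocity spike: latest gap under a third of the median earlier gap (assumed).
    earlier = sorted(gaps[:-1])
    if gaps[-1] < earlier[len(earlier) // 2] / 3:
        fired.append("velocity_spike")
    return min(100, sum(WEIGHTS[s] for s in fired)), fired

# Constructed samples, not real chain data.
PATIENT = [(28 * i, 0.95, "0xDEST_A") for i in range(8)]   # 0.95 ETH every 28 h
NORMAL = [(0, 0.2, "0xPAYEE_1"), (5, 0.6, "0xPAYEE_2"), (31, 0.1, "0xPAYEE_3"),
          (50, 0.95, "0xPAYEE_1"), (52, 0.3, "0xPAYEE_4"), (120, 0.45, "0xPAYEE_2")]

if __name__ == "__main__":
    print(score_vault(PATIENT, cap_eth=1.0, vault_eth=38.0))
    print(score_vault(NORMAL, cap_eth=1.0, vault_eth=38.0))
```

Every transfer in PATIENT is under the 1 ETH cap, yet the history as a whole trips three signals; the same history against a smaller assumed vault also trips the cumulative drain signal.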

Live Demo

Behavioral anomaly detection is live at agent-vault.chitacloud.dev. Click Patient Drain (CRITICAL) in the Behavioral Anomaly Detection section. Risk score: 80/100 CRITICAL from a pattern that evades all per-transaction checks.