Home
News
Details

Study Reveals Security Vulnerabilities in Third-Party AI Routers, Risking Crypto Theft

iconTechFlow
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ETH
$2,342.17-3.2%
AI summary iconSummary

expand icon
A recent study by University of California researchers highlights security vulnerabilities in third-party AI routers, posing a risk to crypto assets. These routers, functioning as API intermediaries, can read plaintext data and inject malicious code. Of the 28 paid and 400 free routers tested, nine injected malicious code, two employed evasion triggers, and 17 accessed AWS credentials. Some even stole Ethereum private keys to transfer funds. The findings align with CFT efforts to prevent illicit crypto activity and raise concerns under MiCA, which aims to regulate crypto markets. Researchers warn that AI agent frameworks operating in 'YOLO mode' can automatically execute commands, urging developers to avoid transmitting private keys through AI systems and to adopt encrypted response signatures.

According to Cointelegraph, researchers at the University of California recently disclosed security risks in certain third-party AI large language model (LLM) routers that could lead to the theft of cryptocurrency assets. The study found that LLM routers, acting as API intermediaries, can read plaintext data, and some were discovered injecting malicious code to steal credentials. The team tested 28 paid and 400 free routers, identifying nine that actively injected malicious code, two that deployed evasion triggers, and 17 that accessed Amazon Web Services credentials—some routers even transferred ETH using the researchers’ Ethereum private key. The research noted that malicious behavior by routers is difficult to detect, and the “YOLO mode” in some AI agent frameworks, which automatically executes commands, further increases security risks. The study recommends that developers avoid transmitting private keys or seed phrases through AI agents and calls on AI companies to implement encrypted signatures for responses to enhance security.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.