Research Finds Security Vulnerabilities in Third-Party AI Routers That Could Lead to Cryptocurrency Theft
According to Cointelegraph, researchers from the University of California recently revealed security risks in certain third-party AI large language model (LLM) routers that could lead to the theft of cryptocurrency assets.
The study found that LLM routers—acting as API intermediaries—can read plaintext information; some routers were discovered injecting malicious code and stealing credentials. The research team tested 28 paid and 400 free routers, identifying nine routers that actively injected malicious code, two that deployed trigger-avoidance mechanisms, and 17 that accessed Amazon Web Services (AWS) credentials. One router even transferred ETH using the researchers’ Ethereum private key.
The study notes that malicious behavior by routers is difficult to detect, and the “YOLO mode” present in some AI agent frameworks—which automatically executes commands—further increases security risks. Researchers recommend that developers avoid transmitting private keys or mnemonic phrases through AI agents and urge AI companies to implement cryptographic signing of responses to enhance security.