{"id":80784,"date":"2026-04-14T02:31:32","date_gmt":"2026-04-14T02:31:32","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=80784"},"modified":"2026-04-14T02:31:32","modified_gmt":"2026-04-14T02:31:32","slug":"crypto-security-faces-new-test-as-rogue-ai-agents-emerge","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=80784","title":{"rendered":"Crypto Security Faces New Test As Rogue AI Agents Emerge"},"content":{"rendered":"
\n

Researchers from the University of California set up a trap \u2014 a crypto wallet loaded with a small amount of Ether<\/a> and connected to third-party AI routing infrastructure. One of the routers took the bait. The wallet was drained. The loss was under $50, but the implications reached far beyond the dollar amount.<\/p>\n

That experiment was part of a broader study published recently, in which researchers tested 428 large language model routers \u2014 28 paid and 400 free \u2014 collected from public online communities.<\/p>\n

What they found was alarming. Nine routers were actively inserting malicious code<\/a> into traffic passing through them. Two were using evasion techniques to avoid detection. Seventeen accessed AWS credentials belonging to the researchers. One stole actual cryptocurrency.<\/p>\n

How Routers Became A Security Blind Spot<\/h2>\n

LLM routers sit between a developer\u2019s application and AI providers such as OpenAI, Anthropic, and Google. They work as intermediaries, bundling API access into a single pipeline.<\/p>\n

\n

26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.<\/p>\n

We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.<\/p>\n

Check our paper: https:\/\/t.co\/zyWz25CDpl<\/a> pic.twitter.com\/PlhmOYz2ec<\/a><\/p>\n

\u2014 Chaofan Shou (@Fried_rice) April 10, 2026<\/a><\/p>\n<\/blockquote>\n

The problem is structural. These routers terminate encrypted internet connections \u2014 known as TLS<\/a> \u2014 and read every message in plain text before passing it along. That means anything sent through them, including private keys, seed phrases, and login credentials, is fully visible to whoever operates the router.<\/p>\n

According to the researchers, the line between normal credential handling and outright theft is invisible from the client\u2019s end. Developers have no way to tell the difference. A router that looks like a legitimate service can silently forward sensitive data to a third party without triggering any alarm.<\/p>\n

Co-author Chaofan Shou said on X that 26 routers were found to be \u201csecretly injecting malicious tool calls and stealing creds.\u201d<\/p>\n

\"Crypto\"<\/p>\n

The study also flagged what researchers called \u201cYOLO mode\u201d \u2014 a setting built into many AI agent<\/a> frameworks that lets agents run commands without stopping to ask users for approval.<\/p>\n

A malicious router combined with an auto-executing agent could move funds or exfiltrate data before a developer even notices something went wrong.<\/p>\n

Crypto Security: Free Access Used As Bait<\/h2>\n

Reports<\/a> from the study indicate that free routers are especially suspect. Cheap or no-cost API access appears to be used as an incentive to get developers to route traffic through infrastructure that may be harvesting credentials in the background.<\/p>\n

<\/p>\n

Even routers that start out clean are not safe \u2014 the researchers found that previously legitimate routers can be quietly turned malicious once operators reuse leaked credentials through poorly secured relay systems.<\/p>\n

The recommended fix for now is straightforward: keep private keys and seed phrases out of any AI agent session entirely.<\/p>\n

For the long term, researchers say AI companies need to cryptographically sign their responses so that the instructions an agent executes can be mathematically traced back to the actual model \u2014 cutting off the ability of any middleman to tamper with them undetected.<\/p>\n

Featured image from Xage Security, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Researchers from the University of California set up a trap \u2014 a crypto wallet loaded with a small amount of Ether and connected to third-party AI routing infrastructure. One of the routers took the bait. The wallet was drained. The loss was under $50, but the implications reached far beyond the dollar amount. That experiment […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-80784","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/80784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=80784"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/80784\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=80784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=80784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=80784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}