AI is mid.AI is mid.

AI Agents: A Crypto Vulnerability?

Source: cointelegraph.com

Published on May 26, 2025

AI Agents in Crypto: Security Risks

AI agents are being used more and more in finance, including crypto. However, the industry hasn't yet seen the security risks they bring. These agents are found in wallets, trading bots, and onchain assistants, automating tasks and making quick decisions. Model Context Protocol (MCP) is becoming important for these agents, acting as a control layer to manage their behavior, like choosing tools and responding to user inputs.

This flexibility also creates a large attack surface, where malicious plugins can change commands, corrupt data, or trick agents into harmful actions. According to VanEck, the number of AI agents in crypto was over 10,000 by the end of 2024 and is expected to reach 1 million in 2025.

Attack Vectors

Security firm SlowMist has found four potential attack vectors that developers should be aware of. These attacks use plugins to extend the capabilities of MCP-based agents, such as getting price data or executing trades.

  • Data poisoning: This attack manipulates users by creating false dependencies and inserting malicious logic.
  • JSON injection attack: This plugin retrieves data from a potentially malicious source, leading to data leaks or command manipulation.
  • Competitive function override: This technique replaces legitimate functions with malicious code, disrupting system logic.
  • Cross-MCP call attack: This plugin tricks an AI agent into interacting with unverified external services, expanding the attack surface.

These attacks target AI agents built on top of models that use plugins and control protocols like MCP.

According to SlowMist’s co-founder “Monster Z”, the poisoning of agents and MCPs comes from malicious information added during the model's interaction phase. He believes that the threat level of poisoning agents is higher than that of standalone AI poisoning.

The use of MCP and AI agents is relatively new in crypto. SlowMist identified these attack vectors from audited MCP projects, preventing losses to users. However, the risk of MCP security issues is real. One audit revealed a vulnerability that could have led to private key leaks.

Guy Itzhaki, CEO of Fhenix, stated that opening a system to third-party plugins extends the attack surface beyond control, and plugins can act as trusted code execution paths without proper security measures.

Security Recommendations

Lisa Loud, executive director of Secret Foundation, says that security should be the top priority when building any plugin-based system in crypto.

SlowMist security experts advise developers to use strict plugin verification, enforce input sanitization, apply least privilege principles, and regularly check agent behavior. Loud said that implementing these security checks is not difficult, just time-consuming, but worth it to protect crypto funds.

As AI agents become more common in crypto, proactive security is essential. The MCP framework can provide new capabilities, but without strong security measures, these agents could become attack vectors, risking crypto wallets, funds, and data.