AI Crypto Plugins Pose Security Risks as Vulnerabilities Exposed

Published: Sun 25 May 2025 | 5 min read | By Mikaia A.

Key Takeaways

• Crypto AI agents use the Model Context Protocol (MCP), which is flexible but vulnerable to targeted attacks.
• Malicious plugins can hijack AI agents to steal private keys and crypto funds.
• SlowMist identified four major attack vectors through an educational project called MasterMCP.
• Securing plugins, behaviors, and privileges must become a top priority for crypto AI developers.

The Emergence of a New Threat

Artificial intelligence is rapidly entering the crypto space. By the end of 2024, over 10,000 crypto AI agents were active, with projections exceeding one million by 2025. These AI agents, seen as a revolution in the sector, are not standalone models like GPT-4 but extensions connected in real time to wallets, bots, or dApps.

Their mission? To make automated decisions and execute on-chain actions. All based on the Model Context Protocol (MCP). However, this flexibility is also its weakness. MCP acts as the brain of these agents, deciding which tools to use and how to respond. According to SlowMist, this architecture opens an "uncontrollable surface without strict sandboxing." Malicious plugins can hijack an agent, inject toxic data, or make it call trapped external functions.

Security expert Monster Z explains:

"Poisoning of agents and MCPs results from malicious information introduced during the interaction phase."

In short, even a well-trained agent can betray if it receives a toxic instruction at the wrong time. Worse: this threat surpasses classic AI model poisoning in severity.

A System That Can Self-Destruct from Within

The attacks are diverse, precise, and sneaky. SlowMist documents four main ones in its report. The MasterMCP project reproduces them to help developers understand the danger.

1. Data poisoning uses plugins to make the agent perform absurd tasks or mislead the user.
2. JSON injection allows bypassing security by calling malicious data locally.
3. Function substitution replaces critical operations with obfuscated code.
4. Inter-MCP calls encourage an agent to interact with unsecured servers to widen the vulnerability.

All these attacks start from unverified plugins. Yet in the crypto world, any plugin connected to a wallet is an entry point. Guy Itzhaki, CEO of Fhenix, summarizes:

"Opening your system to third-party plugins is opening a breach beyond your control."

Behind a simple AI assistant hides a risk of private key leaks, fund thefts, and order manipulation. And as Lisa Loud, director of Secret Foundation, points out: "Beta versions are the most common times to get hacked."

What to Do? Secure AI Before It Feasts on Our Cryptos

Against this threat, the reaction should not be panic but prevention. SlowMist recommends:

• Verify each plugin.
• Limit privileges.
• Isolate environments.
• Continuously analyze agent behaviors.

These measures must be native, integrated from the first line of code. Developers must also train their teams, raise user awareness, and document expected behaviors. It is not about stopping the use of AI, but about not skimping on security.

While AI agents threaten our cryptos, another worry grows among financial giants. BlackRock wonders: can bitcoin survive the quantum era? Because if AIs can fool a plugin, a quantum computer could decrypt our private keys. And then, no more blockchain, no more wallet: just data stolen silently. The crypto revolution will also have to survive the revolution of physics.

Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.