Gate News message. On April 13, researchers at the University of California recently disclosed that some third-party AI large language model (LLM) routers have security risks, which could lead to cryptocurrency assets being stolen. The research shows that LLM routers, acting as API intermediaries, can read plaintext information. Some routers have been found to inject malicious code and steal credentials. The team tested 28 paid routers and 400 free routers, and found 9 routers actively injected malicious code, 2 deployed to evade triggers, and 17 accessed Amazon Web Services credentials. In some cases, a router even transferred ETH using the researchers’ Ethereum private key. The study points out that the routers’ malicious behavior is difficult to detect, and that some AI agent frameworks’ “YOLO mode” can automatically execute commands, increasing security risks. The researchers recommend that developers do not allow private keys or seed phrases to be transmitted through AI agents, and they call on AI companies to apply encrypted signatures to responses to strengthen security.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
