AI agents are poised to become the next major crypto vulnerability

AI agents in crypto are increasingly embedded in wallets, trading bots and onchain assistants that automate tasks and make real-time decisions.
Although it is not yet a standard framework, the Model Context Protocol (MCP) is emerging as a common foundation for many of these agents. If blockchains have smart contracts to define what should happen, AI agents have MCPs to decide how things happen.
MCP can act as a control layer that governs the AI agent's behavior, such as which tools it uses, what code it runs and how it responds to user inputs.
That same flexibility also creates a powerful attack surface, one that may allow malicious plugins to override commands, poison data inputs or trick agents into executing harmful instructions.
MCP attack vectors expose the security issues of AI agents
According to VanEck, the number of AI agents in the crypto industry exceeded 10,000 by the end of 2024 and is expected to top 1 million in 2025.
Security firm SlowMist has identified four potential attack vectors that developers need to watch for. Each attack vector is delivered through a plugin, which is how MCP-based agents extend their capabilities, whether that means pulling price data, executing trades or performing system tasks.
- Data poisoning: This attack causes users to take misleading steps. It manipulates user behavior, creates false dependencies and inserts malicious logic early in the process.
- JSON injection attack: This plugin retrieves data from a local (potentially malicious) source via a JSON call. It can lead to data leakage, command manipulation or bypassing of authentication mechanisms by feeding the agent tainted inputs.
- Competitive function override: This method replaces legitimate system functions with malicious code. It prevents expected operations from occurring and embeds obfuscated instructions, disrupting system logic and concealing the attack.
- Cross-MCP call attack: This plugin induces an AI agent to interact with unverified external services through encoded error messages or deceptive prompts. It expands the attack surface by linking multiple systems, creating opportunities for further exploitation.
These attack vectors are not the same as poisoning the AI models themselves, such as GPT-4 or Claude, which can involve corrupting the training data that shapes a model's internal parameters. The attacks highlighted by SlowMist target AI agents, the systems built on top of models that act on real-time inputs using plugins, tools and control protocols such as MCP.
Related: The Future of Digital Self-Management: AI Agents in Crypto
"AI model poisoning involves injecting malicious data into training samples, which then becomes embedded in the model's parameters," "Monster Z", co-founder of blockchain security firm SlowMist, told Cointelegraph. "In contrast, the poisoning of agents and MCPs primarily comes from additional malicious information introduced at the model interaction phase."
"Personally, I believe the threat level and the scope of privilege (of agent poisoning) is higher than standalone AI poisoning," he said.
MCP in AI agents is a crypto threat
The adoption of MCP and AI agents is still relatively new in crypto. SlowMist identified the attack vectors in pre-release MCP projects it audited, which has prevented actual losses to end users.
However, the threat level of MCP security weaknesses is very real, according to Monster, who recalled an audit in which a weakness could have led to private key leaks, a catastrophic outcome for any crypto project or investor, since it can hand full control to unauthorized actors.
"Once you open your system to third-party plugins, you expand the attack surface beyond your control," Guy Itzhaki, CEO of encryption research firm Fhenix, told Cointelegraph.
Related: AI has a trust problem; decentralized privacy-preserving tech can fix it
"Plugins can act as trusted code execution paths, often without proper sandboxing. This opens the door to privilege escalation, dependency injection, prompt leakage and, worst of all, silent data leakage," he added.
Secure the AI layer before it is too late
Build fast, break things, then get hacked. That is the risk facing developers who postpone security to the next version, especially in crypto's high-stakes onchain environment.
The most common mistake developers make is assuming they can fly under the radar for a while and add security measures in updates after launch. That is according to Lisa Loud, executive director of the Secret Foundation.
"When you are building any plugin-based system today, especially in the crypto context, which is public and onchain, you need to build security first and everything else second," she told Cointelegraph.
SlowMist security experts recommend that developers implement strict plugin verification, enforce input sanitization, apply least-privilege principles and regularly evaluate agent behavior.
Loud said that implementing such security checks to prevent malicious injection or data poisoning is "not difficult" but "exhausting and time-consuming", a small price to pay to secure crypto funds.
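The four SlowMist recommendations above map onto concrete checks that can sit between an agent and its plugins. The following Python gatekeeper is an added illustration, not code from SlowMist, Cointelegraph or any MCP project: it pins plugin manifests to a digest (plugin verification), validates JSON tool arguments against a declared schema (input sanitization), maps every sensitive action to a scope a plugin must hold (least privilege), and replays a call log to flag out-of-scope behaviour (behaviour evaluation). All plugin names, scopes, manifests and log entries are constructed for the example.

```python
import hashlib
import json
import re

# Added example, not the page's or any MCP project's code. Plugin names, scopes
# and the call log below are constructed; a real deployment would load pinned
# manifests from a signed registry.

# --- 1. Strict plugin verification: pin each plugin manifest to a digest -------

def manifest_digest(manifest: dict) -> str:
    """SHA-256 over canonical JSON, so reordering keys cannot hide a change."""
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

PRICE_FEED = {
    "name": "price_feed", "version": "1.0.0",
    "tools": {"get_price": {"symbol": "str"}},
    "scopes": ["network:read"],                 # may only fetch remote data
}
TRADE_EXEC = {
    "name": "trade_exec", "version": "2.1.0",
    "tools": {"place_order": {"symbol": "str", "qty": "float"}},
    "scopes": ["network:read", "wallet:sign"],  # may sign, but never read keys
}
ALLOWLIST = {m["name"]: manifest_digest(m) for m in (PRICE_FEED, TRADE_EXEC)}

def verify_plugin(manifest: dict) -> list[str]:
    """Return a list of problems; an empty list means the plugin may load."""
    name = manifest.get("name", "<unnamed>")
    pinned = ALLOWLIST.get(name)
    if pinned is None:
        return [f"{name}: not on the plugin allowlist"]
    if manifest_digest(manifest) != pinned:
        return [f"{name}: manifest digest does not match the pinned value"]
    return []

# --- 2. Input sanitization: validate JSON tool arguments against the schema ----

TYPES = {"str": str, "float": float, "int": int, "bool": bool}
# Instruction-like phrases, template markers and control characters are rejected.
SUSPICIOUS = re.compile(
    r"(ignore (all|previous) instructions|\{\{|\}\}|[\x00-\x08\x0b\x0c\x0e-\x1f])", re.I)

def sanitize_args(schema: dict, args: dict) -> list[str]:
    problems = []
    for key in args:
        if key not in schema:
            problems.append(f"unexpected argument '{key}'")
    for key, tname in schema.items():
        if key not in args:
            problems.append(f"missing argument '{key}'")
            continue
        val = args[key]
        if type(val) is not TYPES[tname]:   # exact type: no nested objects, no bool-as-int
            problems.append(f"argument '{key}' must be {tname}")
        elif isinstance(val, str) and (len(val) > 64 or SUSPICIOUS.search(val)):
            problems.append(f"argument '{key}' contains instruction-like or control content")
    return problems

# --- 3. Least privilege: every sensitive action requires a declared scope ------

ACTION_SCOPE = {
    "http_get": "network:read",
    "sign_tx": "wallet:sign",
    "read_private_key": "wallet:secret",    # no plugin above is granted this scope
    "run_shell": "system:exec",
}

def authorize(manifest: dict, action: str) -> bool:
    needed = ACTION_SCOPE.get(action)       # unknown actions are denied by default
    return needed is not None and needed in manifest.get("scopes", [])

# --- 4. Behaviour review: replay a call log and flag out-of-scope actions ------

def audit_calls(manifest: dict, calls: list[dict]) -> list[str]:
    flagged = []
    for i, call in enumerate(calls):
        if not authorize(manifest, call["action"]):
            flagged.append(f"call {i}: {manifest['name']} attempted '{call['action']}' without scope")
    return flagged

# Constructed call log: a price plugin that suddenly reaches for the key store.
SAMPLE_LOG = [
    {"action": "http_get", "target": "https://example.invalid/price?symbol=ETH"},
    {"action": "read_private_key", "target": "~/.wallet/keystore"},
]

if __name__ == "__main__":
    print("verify:", verify_plugin(PRICE_FEED))
    print("args:", sanitize_args(PRICE_FEED["tools"]["get_price"], {"symbol": "ETH"}))
    print("audit:", audit_calls(PRICE_FEED, SAMPLE_LOG))
```

The digest pin is what defeats a silently modified manifest (for instance one that quietly adds a `wallet:secret` scope), the exact-type check is what stops a JSON payload from smuggling nested objects or instruction text into a tool argument, and the scope table makes the private-key read in the sample log show up as a finding rather than succeeding.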
As AI agents extend their footprint across crypto infrastructure, the need for proactive security cannot be overstated.
The MCP framework can unlock powerful new capabilities for these agents, but without strong guardrails around plugins and system behavior, they can turn from useful assistants into attack vectors, putting crypto wallets, funds and data at risk.
Magazine: Crypto AI tokens surge 34%, why ChatGPT is like a kiss-ass: AI Eye