Our cryptos already face numerous threats: hacks, bugs, phishing, human errors. But a new vulnerability is gaining strength. Artificial intelligence agents, meant to assist us, could become our worst enemies. A study by SlowMist reveals that flaws in MCP protocols expose wallets to invisible attacks. Behind their lines of code, these AI assistants could execute the orders… of an attacker.

Artificial intelligence is rapidly entering the crypto space. These AI agents, seen as a revolution in the sector, are not models like GPT-4 but , bots, or dApps. 

Their mission? To make automated decisions and execute on-chain actions. All based on a central protocol: the Model Context Protocol (MCP).

The problem is that this flexibility is also its weakness. . It decides which tools to use, which functions to execute, how to respond. According to SlowMist, this architecture opens an “uncontrollable surface without strict sandboxing“. Malicious can hijack an agent, inject toxic data, or make it call trapped external functions.

Security expert Monster Z explains: 

Poisoning of agents and MCPs results from malicious information introduced during the interaction phase. 

In short, even a well-trained agent can betray if it receives a toxic instruction at the wrong time. Worse: according to him, this threat surpasses classic AI model poisoning in severity.

The attacks are diverse, precise, and sneaky. SlowMist documents four main ones in its report. The MasterMCP project reproduces them to help developers understand the danger.

The first, data poisoning, uses plugins like “banana” to make the agent perform absurd tasks or mislead the user. Then, . Function substitution, through commands like “remove_server”, replaces critical operations with obfuscated code. 

Finally, to widen the vulnerability.

All these attacks start from unverified plugins. Yet in the crypto world, any plugin connected to a wallet is an entry point. Guy Itzhaki, CEO of Fhenix, summarizes well: 

Opening your system to third-party plugins is opening a breach beyond your control. 

Behind a simple AI assistant thus hides . And as Lisa Loud, director of Secret Foundation, points out: “Beta versions are the most common times to get hacked. ” 

Postponing security is exposing users to invisible but potentially catastrophic attacks.

Against this threat, the reaction should not be panic but . SlowMist recommends a set of accessible but demanding technical measures. It is necessary to . These measures must be native, integrated from the first line of code.

Here are some figures that show why action is needed now:

Developers must also train their teams, raise user awareness, and document expected behaviors. It is not about stopping the use of AI, but about not . Better a somewhat slow system than an emptied wallet.

While AI agents threaten our cryptos, another worry grows among financial giants. BlackRock wonders: can bitcoin survive the quantum era? Because if AIs can fool a plugin, a quantum computer could decrypt our private keys. And then, no more blockchain, no more wallet: just data stolen silently. The crypto revolution will also have to survive the revolution of physics.

DISCLAIMER

The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.