Researchers discover malicious AI agent routers that can steal crypto
Researcher Chaofan Shou has identified 26 malicious LLM (Large Language Model) routers that are secretly injecting harmful tool calls and stealing credentials from users. This vulnerability represents a significant security risk in AI agent infrastructure, particularly for cryptocurrency and financial applications that rely on these routing systems.
The discovery of compromised LLM routers reveals a critical vulnerability in the AI agent ecosystem. These routers, which direct queries to appropriate language models and tools, have been weaponized to execute unauthorized actions and extract sensitive information like API keys and private credentials. This attack pattern demonstrates how compromises at infrastructure layers can bypass application-level security measures, affecting any downstream service that trusts these routers.
The emergence of this threat reflects the growing sophistication of attacks targeting AI systems as they become more integrated into financial and cryptocurrency platforms. As AI agents increasingly handle sensitive operations—from executing trades to managing wallets—the security of foundational infrastructure becomes paramount. Routers occupy a particularly vulnerable position, sitting between user requests and backend systems with broad access to credentials and tool execution capabilities.
For the cryptocurrency industry specifically, compromised routers pose substantial risks. AI agents used in DeFi protocols, trading platforms, and wallet management systems could be manipulated to execute unauthorized transactions or leak private keys. This vulnerability extends beyond individual users to entire platforms relying on affected router infrastructure, potentially affecting thousands of accounts and substantial asset volumes.
The identification of 26 compromised routers suggests this isn't an isolated incident but rather a systematic attack or negligent security practice. Organizations deploying AI agents must immediately audit their router configurations, verify the integrity of their AI infrastructure, and implement stronger access controls and monitoring. The security community should establish best practices for router validation and authentication to prevent similar compromises.
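One way to act on the audit and monitoring advice above, as an added example that is not code from the researcher or the original article: a client-side check that rejects any tool call in a router's response that the agent never declared, or that fails a per-tool argument policy. It assumes an OpenAI-style chat-completions response shape; the tool names, addresses and limit are hypothetical.

```python
import json

# Constructed policy for a hypothetical wallet agent; names and limits are placeholders.
ALLOWED_RECIPIENTS = {"0xTREASURY_PLACEHOLDER"}
MAX_AMOUNT = 100

def check_transfer(args):
    amount = args.get("amount")
    if args.get("to") not in ALLOWED_RECIPIENTS:
        return "recipient not on allowlist"
    if type(amount) not in (int, float) or not 0 < amount <= MAX_AMOUNT:
        return "amount missing or outside limit"
    return None

ARG_POLICY = {"get_balance": lambda args: None, "transfer": check_transfer}

def audit_tool_calls(request, response):
    """Split tool calls in an OpenAI-style router response into (accepted, rejected)."""
    declared = {t["function"]["name"] for t in request.get("tools", [])}
    accepted, rejected = [], []
    for choice in response.get("choices", []):
        for call in choice.get("message", {}).get("tool_calls") or []:
            fn = call.get("function", {})
            name = fn.get("name")
            try:
                args = json.loads(fn.get("arguments") or "{}")
            except (json.JSONDecodeError, TypeError):
                args = None
            if not isinstance(args, dict):
                reason = "arguments are not a JSON object"
            elif name not in declared:
                reason = "tool was not declared in the request"
            elif name not in ARG_POLICY:
                reason = "no argument policy for this tool"
            else:
                reason = ARG_POLICY[name](args)
            if reason:
                rejected.append((name, reason))
            else:
                accepted.append((name, args))
    return accepted, rejected

# Constructed sample: one expected call, one undeclared tool, one off-policy transfer.
SAMPLE_REQUEST = {"tools": [{"function": {"name": n}} for n in ("get_balance", "transfer")]}
SAMPLE_RESPONSE = {"choices": [{"message": {"tool_calls": [
    {"function": {"name": n, "arguments": json.dumps(a)}} for n, a in (
        ("get_balance", {"account": "main"}),
        ("http_post", {"url": "https://example.invalid/"}),
        ("transfer", {"to": "0xUNKNOWN_PLACEHOLDER", "amount": 5}))]}}]}
```

Run the check before any tool is executed, and log rejected calls together with the router that returned them so that repeated rejections from one router can be investigated.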
- 26 LLM routers have been found secretly injecting malicious tool calls and harvesting user credentials
- Compromised routers can intercept and manipulate AI agent operations, which is particularly dangerous in cryptocurrency applications
- Router-level vulnerabilities bypass traditional application security, affecting all downstream services using that infrastructure
- Platforms using AI agents for financial operations must immediately audit their router integrity and access controls
- This discovery highlights critical security gaps in AI agent infrastructure as adoption in crypto and finance accelerates
