TechFlow news: On April 13, according to a Cointelegraph report, researchers from the University of California recently disclosed security vulnerabilities in certain third-party AI large language model (LLM) routers, which could lead to theft of cryptocurrency assets.
The study shows that LLM routers—acting as API intermediaries—can read plaintext information. Some routers were found to inject malicious code and steal credentials. The research team tested 28 paid and 400 free routers, discovering that nine actively injected malicious code, two deployed evasion triggers, 17 accessed Amazon Web Services (AWS) credentials, and one even transferred ETH using the researchers’ Ethereum private key.
The study notes that malicious behavior by routers is difficult to detect, and the “YOLO mode” present in some AI agent frameworks—which automatically executes commands—further increases security risks. The researchers recommend that developers avoid transmitting private keys or mnemonic phrases through AI agents and urge AI companies to implement cryptographic signing of responses to enhance security.
