20h19 ▪
5
min read ▪ by
Our cryptos already face numerous threats: hacks, bugs, phishing, human errors. But a new vulnerability is gaining strength. Artificial intelligence agents, meant to assist us, could become our worst enemies. A study by SlowMist reveals that flaws in MCP protocols expose wallets to invisible attacks. Behind their lines of code, these AI assistants could execute the orders… of an attacker.
In brief
- Crypto AI agents use MCP, a protocol as flexible as it is vulnerable to targeted attacks.
- Malicious plugins can hijack AI agents to steal keys and crypto funds.
- SlowMist identified four major attack vectors through an educational project called MasterMCP.
- Securing plugins, behaviors, and privileges must become the top priority for crypto AI developers.
When AI Becomes the Vulnerability: The Emergence of a New Threat
Artificial intelligence is rapidly entering the crypto space. By the end of 2024, more than 10,000 crypto AI agents were active. By the end of 2025, this number is expected to exceed one million. These AI agents, seen as a revolution in the sector, are not models like GPT-4 but extensions connected in real time to wallets, bots, or dApps.
Their mission? To make automated decisions and execute on-chain actions. All based on a central protocol: the Model Context Protocol (MCP).
The problem is that this flexibility is also its weakness. MCP acts as the brain of these agents. It decides which tools to use, which functions to execute, how to respond. According to SlowMist, this architecture opens an “uncontrollable surface without strict sandboxing“. Malicious plugins can hijack an agent, inject toxic data, or make it call trapped external functions.
Security expert Monster Z explains:
Poisoning of agents and MCPs results from malicious information introduced during the interaction phase.
In short, even a well-trained agent can betray if it receives a toxic instruction at the wrong time. Worse: according to him, this threat surpasses classic AI model poisoning in severity.
A Crypto System That Can Self-Destruct from Within
The attacks are diverse, precise, and sneaky. SlowMist documents four main ones in its report. The MasterMCP project reproduces them to help developers understand the danger.
The first, data poisoning, uses plugins like “banana” to make the agent perform absurd tasks or mislead the user. Then, JSON injection allows bypassing security by calling malicious data locally. Function substitution, through commands like “remove_server”, replaces critical operations with obfuscated code.
Finally, inter-MCP calls encourage an agent to interact with unsecured servers to widen the vulnerability.
All these attacks start from unverified plugins. Yet in the crypto world, any plugin connected to a wallet is an entry point. Guy Itzhaki, CEO of Fhenix, summarizes well:
Opening your system to third-party plugins is opening a breach beyond your control.
Behind a simple AI assistant thus hides a risk of private key leaks, fund thefts, and order manipulation. And as Lisa Loud, director of Secret Foundation, points out: “Beta versions are the most common times to get hacked. ”
Postponing security is exposing users to invisible but potentially catastrophic attacks.
What to Do? Secure AI Before It Feasts on Our Cryptos
Against this threat, the reaction should not be panic but prevention. SlowMist recommends a set of accessible but demanding technical measures. It is necessary to verify each plugin, limit privileges, isolate environments, and continuously analyze agent behaviors. These measures must be native, integrated from the first line of code.
Here are some figures that show why action is needed now:
- 1 million crypto AI agents expected by the end of 2025, according to VanEck;
- 4 MCP attack types already tested by experts (data poisoning, JSON, override, cross-call);
- The MasterMCP project proves these attacks can be simulated with a few lines of Python;
- A single MCP flaw can lead to private key theft according to SlowMist;
- Less than 10% of audited crypto AI projects use isolated environments or sandboxes.
Developers must also train their teams, raise user awareness, and document expected behaviors. It is not about stopping the use of AI, but about not skimping on security. Better a somewhat slow system than an emptied wallet.
While AI agents threaten our cryptos, another worry grows among financial giants. BlackRock wonders: can bitcoin survive the quantum era? Because if AIs can fool a plugin, a quantum computer could decrypt our private keys. And then, no more blockchain, no more wallet: just data stolen silently. The crypto revolution will also have to survive the revolution of physics.
Maximize your Cointribune experience with our “Read to Earn” program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.
La révolution blockchain et crypto est en marche ! Et le jour où les impacts se feront ressentir sur l’économie la plus vulnérable de ce Monde, contre toute espérance, je dirai que j’y étais pour quelque chose
DISCLAIMER
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.
