AI agents have emerged as a new potential Achilles’ heel in the cryptocurrency world, threatening to disrupt an industry already fraught with risks. With the proliferation of AI-driven tools embedded in crypto wallets, trading bots, and on-chain assistants, the Model Context Protocol (MCP) is increasingly becoming the backbone of these systems. Yet, this same technology offers a fertile ground for cyberattacks, posing a significant threat to the security of crypto assets.
The MCP Dilemma
The Model Context Protocol, launched by Anthropic last November, is designed to empower AI agents by acting as a control layer that dictates how these agents operate—deciding which tools they use, what code they run, and how they respond to user inputs. But with great power comes great vulnerability. This flexibility creates an expansive attack surface, allowing malicious actors to insert harmful plugins, manipulate data inputs, or override commands.
Security firm SlowMist has identified four major attack vectors that exploit these vulnerabilities, each delivered through plugins that extend the capabilities of MCP-based agents. Data poisoning, JSON injection attacks, competitive function overrides, and cross-MCP call attacks are some of the menacing tactics hackers might employ. According to Monster Z, co-founder of SlowMist, these threats are more perilous than the poisoning of AI models themselves, as they exploit agents built on top of models—acting on real-time inputs.
The Industry’s Response
With the number of AI agents in the crypto sector projected to surpass one million this year, developers are racing against time to address these security concerns. “The moment you open your system to third-party plugins, you’re extending the attack surface beyond your control,” warns Guy Itzhaki, CEO of encryption research firm Fhenix. Indeed, plugins can provide trusted paths for code execution, often without proper sandboxing, which can lead to privilege escalation and data leaks. This follows a pattern of increasing complexity in crypto systems, as discussed in AI Crypto Agents Are Ushering in a New Era of ‘DeFAI’.
The urgency of securing AI layers in crypto cannot be overstated. “Build fast, break things—then get hacked,” quipped Lisa Loud, executive director of Secret Foundation. She emphasizes the need for developers to prioritize security from the outset, especially in a public, on-chain environment where vulnerabilities can be exploited quickly. SlowMist recommends a multifaceted approach to security, including strict plugin verification, input sanitization, and regular reviews of agent behavior.
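To make SlowMist's three recommendations concrete, here is an added example (not SlowMist's, Anthropic's or any MCP SDK's code, and not part of the original article) of a gate an MCP-style agent host could put in front of every plugin tool call: it pins each approved plugin to a manifest hash, refuses JSON that repeats keys, validates arguments against a per-tool schema, and records every decision for later review of agent behaviour. The tool name, manifest bytes and the address format are constructed placeholders.

```python
import hashlib
import json
import re

# Constructed allow-list: tool name -> sha256 of the approved plugin manifest.
# A real deployment loads this from a signed file rather than a literal.
APPROVED = {"wallet_balance": hashlib.sha256(b"wallet_balance manifest v1").hexdigest()}
# Constructed per-tool argument schema: field -> (expected type, extra check or None).
ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")
SCHEMAS = {"wallet_balance": {"address": (str, ADDRESS_RE.match)}}
AUDIT_LOG = []  # every decision is kept so agent behaviour can be reviewed later

def _no_duplicate_keys(pairs):
    """json.loads hook: refuse objects that repeat a key, so no two parsers can disagree on which value wins."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key {key!r}")
        seen[key] = value
    return seen

def verify_plugin(tool, manifest):
    """Strict plugin verification: the manifest must hash to the pinned value, so a second plugin claiming the same tool name is rejected."""
    pinned = APPROVED.get(tool)
    return pinned is not None and hashlib.sha256(manifest).hexdigest() == pinned

def sanitize_args(tool, args):
    """Input sanitization: exactly the schema's fields, with the right types and format."""
    schema = SCHEMAS[tool]
    if set(args) != set(schema):
        raise ValueError("unexpected or missing argument")
    for name, (typ, check) in schema.items():
        if not isinstance(args[name], typ) or (check and not check(args[name])):
            raise ValueError(f"bad argument {name!r}")
    return args

def gate_tool_call(raw, manifest):
    """Return (allowed, reason) for a raw tool-call JSON string and log the decision."""
    try:
        call = json.loads(raw, object_pairs_hook=_no_duplicate_keys)
        tool = call["tool"]
        if not verify_plugin(tool, manifest):
            raise ValueError("plugin not on allow-list or manifest hash mismatch")
        sanitize_args(tool, call["args"])
        AUDIT_LOG.append(("allow", tool))
        return True, "ok"
    except (ValueError, KeyError, TypeError) as exc:
        AUDIT_LOG.append(("deny", str(exc)))
        return False, str(exc)
```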
A Looming Threat?
While the integration of AI agents in crypto infrastructure is still in its nascent stage, the security breaches they could enable are very real. An audit by SlowMist highlighted a vulnerability that could have led to private key leaks—a breach that would grant full asset control to unauthorized parties. As AI agents continue to expand their role in the crypto ecosystem, the need for robust security measures becomes even more pressing. This is particularly relevant as multi-wallet usage has increased, a trend that AI might help address, as explored in Multi-wallet usage up 16%, but AI may address crypto fragmentation gap.
The MCP framework has the potential to unlock powerful capabilities for AI agents, but without stringent guardrails, these agents could become conduits for attacks, jeopardizing crypto wallets, funds, and data. The industry faces a pivotal moment where proactive security measures are not just advisable—they are essential. As Guy Itzhaki succinctly puts it, the race to secure the AI layer is on, and the stakes have never been higher.
As we move deeper into 2025, the crypto world will need to navigate these uncharted waters with care, raising questions about whether the industry can adapt quickly enough to safeguard its digital assets. The future of AI in crypto hangs in the balance, hinging on the industry’s ability to fortify its defenses against these emerging threats.
Source
This article is based on: AI agents are poised to be crypto’s next major vulnerability
Further Reading
Deepen your understanding with these related articles:
- AI-Powered Court System Is Coming to Crypto With GenLayer
- Crypto losses spike 1,100% in April with 5th-largest-ever hack: CertiK
- ‘Huge Shift’ in crypto firms’ compliance mindset, says Elliptic co-founder

Steve Gregory is a lawyer in the United States who specializes in licensing for cryptocurrency companies and products. Steve began his career as an attorney in 2015 but switched to working in cryptocurrency full time shortly after joining the original team at Gemini Trust Company, an early cryptocurrency exchange based in New York City. Steve then joined CEX.io, where he launched their regulated US-based cryptocurrency offering. Steve then went on to become the CEO at currency.com, where he served for four years and led currency.com to being fully acquired in 2025.