A stark security warning has been issued for the cryptocurrency sector following a University of California study revealing rogue AI agents actively draining wallets and injecting malicious code, contributing to a sharp 10% market correction from recent highs. Researchers testing 428 large language model routers discovered nine actively compromising transactions, with one successfully stealing cryptocurrency in a controlled experiment, raising critical questions about the security of AI-integrated DeFi infrastructure as digital assets face renewed volatility.

How Routers Became A Security Blind Spot

LLM routers sit between a developer’s application and AI providers such as OpenAI, Anthropic, and Google. They work as intermediaries, bundling API access into a single pipeline.

26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.

We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.

Check our paper: https://t.co/zyWz25CDpl pic.twitter.com/PlhmOYz2ec

— Chaofan Shou (@Fried_rice) April 10, 2026

The problem is structural. These routers terminate encrypted internet connections — known as TLS — and read every message in plain text before passing it along. That means anything sent through them, including private keys, seed phrases, and login credentials, is fully visible to whoever operates the router.

According to the researchers, the line between normal credential handling and outright theft is invisible from the client’s end. Developers have no way to tell the difference. A router that looks like a legitimate service can silently forward sensitive data to a third party without triggering any alarm.

Co-author Chaofan Shou said on X that 26 routers were found to be “secretly injecting malicious tool calls and stealing creds.”

The study also flagged what researchers called “YOLO mode” — a setting built into many AI agent frameworks that lets agents run commands without stopping to ask users for approval.

A malicious router combined with an auto-executing agent could move funds or exfiltrate data before a developer even notices something went wrong.

Crypto Security: Free Access Used As Bait

Reports from the study indicate that free routers are especially suspect. Cheap or no-cost API access appears to be used as an incentive to get developers to route traffic through infrastructure that may be harvesting credentials in the background.

Even routers that start out clean are not safe — the researchers found that previously legitimate routers can be quietly turned malicious once operators reuse leaked credentials through poorly secured relay systems.

The recommended fix for now is straightforward: keep private keys and seed phrases out of any AI agent session entirely.

For the long term, researchers say AI companies need to cryptographically sign their responses so that the instructions an agent executes can be mathematically traced back to the actual model — cutting off the ability of any middleman to tamper with them undetected.

Featured image from Xage Security, chart from TradingView