Key Takeaways
- University of California study identified 26 third-party AI routing services executing malicious activities
- Researchers lost Ether from a test wallet after a rogue router accessed it
- AI routers can read all data in plain text, exposing sensitive wallet information
- “YOLO mode” functionality enables AI systems to execute commands without human oversight
- Security experts warn against sharing cryptocurrency keys through AI-powered development tools
A research team from the University of California has uncovered a significant security vulnerability in AI development infrastructure, revealing that certain third-party routing platforms can compromise cryptocurrency wallets and insert malicious code into software projects.
The academic study, released this week, examined what researchers termed “malicious intermediary attacks” targeting the large language model infrastructure used by developers worldwide.
These AI routing platforms function as middleware between software developers and major AI service providers such as OpenAI, Anthropic, and Google. Their primary role involves managing and distributing API calls across various AI backends.
The critical vulnerability stems from how these intermediary services handle encrypted connections. By terminating secure connections at their servers, these routers gain complete visibility into all transmitted data in unencrypted form.
Developers utilizing AI-assisted coding platforms like Claude Code for blockchain application development or cryptocurrency wallet creation may unknowingly expose sensitive authentication data, including private keys and recovery phrases, to these intermediate services.
The research initiative analyzed 28 commercial routing services alongside 400 free alternatives collected from developer communities and public forums.
Results revealed that nine platforms were actively inserting harmful code, two employed sophisticated detection-avoidance techniques, and 17 successfully captured researcher-controlled Amazon Web Services authentication tokens.
In one instance, a malicious router successfully extracted Ether from a deliberately exposed test wallet created by the research team. The monetary loss totaled less than $50.
According to the researchers, distinguishing between legitimate credential processing and malicious theft presents an almost insurmountable challenge for users, given that routers inherently access sensitive information in readable format during normal operations.
Automated Execution Creates Additional Vulnerabilities
The study highlighted a particularly concerning feature present in numerous AI agent frameworks known as “YOLO mode.” This configuration allows artificial intelligence systems to execute operations autonomously without requiring user confirmation for individual actions.
This automation substantially amplifies security risks. When a routing service injects malicious commands, YOLO mode enables their execution without any human intervention or verification.
Researchers also discovered that legitimate routing services can be compromised and weaponized without alerting their operators. Free routing platforms pose particular concerns, as they may offer subsidized API access as bait while secretly harvesting user credentials.
Expert Security Recommendations
The research team urged developers to implement robust client-side security measures and establish strict protocols prohibiting the transmission of private keys or seed phrases through AI-assisted development environments.
As a sustainable solution, researchers advocated for AI providers to implement cryptographic signing of their outputs. This approach would enable developers to authenticate that instructions received by automated agents genuinely originated from the intended AI model.
Co-author Chaofan Shou shared on X that “26 LLM routers are secretly injecting malicious tool calls and stealing creds.”
The study’s authors emphasized that LLM API routing services occupy a crucial security checkpoint that the artificial intelligence industry has largely assumed to be trustworthy without adequate verification.
The published paper did not include specific information such as blockchain transaction identifiers for the compromised test wallet.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
