What are malicious AI routers and why are they dangerous?

Malicious AI routers are intermediary systems that route requests between users and AI models but can inject harmful code or steal data. They are dangerous because they can access sensitive information in plaintext during normal operation.

What did researchers discover about these AI routers?

Researchers found that 26 AI routers were secretly injecting malicious tool calls and stealing credentials. Some were actively harvesting sensitive data and exploiting user interactions.

Who reported the malicious router activity?

Chaofan Shou highlighted the issue, stating that multiple routers were covertly stealing credentials and compromising user security.

How can these routers lead to crypto theft?

These routers can intercept private keys, seed phrases, or wallet credentials when users interact with AI tools. Once exposed, attackers can use this information to access and drain crypto wallets.

Was any cryptocurrency actually stolen in the study?

Yes, researchers reported that Ethereum was drained from a decoy wallet during testing. This demonstrated that the attack vectors are not just theoretical.

Why is it hard to detect malicious AI routers?

Routers normally process sensitive data as part of their function, so malicious behaviour blends in with legitimate activity. This makes it difficult for users to distinguish between safe and compromised systems.

What types of attacks did researchers identify?

The study found several attack methods, including malicious code injection, credential harvesting, and adaptive evasion techniques. Some routers also accessed cloud credentials like AWS keys.

What is “YOLO mode” and why is it risky?

“YOLO mode” allows AI agents to execute commands automatically without user confirmation. This increases risk because malicious instructions can be executed without oversight.

Malicious AI routers expose crypto wallets to theft

Written by Liezl GambePublished Apr. 13 2026Last Updated Apr. 13 2026

Researchers have identified a major security risk in AI infrastructure, with malicious large language model (LLM) routers capable of stealing sensitive crypto data.

The study found that some third-party routers, which sit between users and AI models, can inject harmful code and extract credentials without detection.

“26 LLM routers are secretly injecting malicious tool calls and stealing creds,”

Said Chaofan Shou.

These routers can access plaintext data, meaning developers using AI tools for crypto-related tasks may unknowingly expose private keys, seed phrases and wallet credentials.

In testing, researchers found multiple attack methods, including credential harvesting and code injection, with one case successfully draining Ether from a decoy wallet.

The issue is difficult to detect because routers legitimately process sensitive data, making the line between normal function and malicious activity unclear.

Experts warn developers to avoid sharing sensitive information with AI agents and call for stronger safeguards, including cryptographic verification of AI responses, to prevent future attacks.