Paper 2025/526
AI Agents in Cryptoland: Practical Attacks and No Silver Bullet
Abstract
The integration of AI agents with Web3 ecosystems harnesses their complementary potential for autonomy and openness, yet also introduces underexplored security risks, as these agents dynamically interact with financial protocols and immutable smart contracts. This paper investigates the vulnerabilities of AI agents within blockchain-based financial ecosystems when exposed to adversarial threats in real-world scenarios. We introduce the concept of context manipulation -- a comprehensive attack vector that exploits unprotected context surfaces, including input channels, memory modules, and external data feeds. Through empirical analysis of ElizaOS, a decentralized AI agent framework for automated Web3 operations, we demonstrate how adversaries can manipulate context by injecting malicious instructions into prompts or historical interaction records, leading to unintended asset transfers and protocol violations which could be financially devastating. Our findings indicate that prompt-based defenses are insufficient, as malicious inputs can corrupt an agent's stored context, creating cascading vulnerabilities across interactions and platforms. This research highlights the urgent need to develop AI agents that are both secure and fiduciarily responsible.
Metadata
- Available format(s)
-
PDF
- Category
- Applications
- Publication info
- Preprint.
- Contact author(s)
-
atharvsp @ princeton edu
peiyao @ sentient xyz
hebbar @ princeton edu
pmittal @ princeton edu
pramodv @ princeton edu - History
- 2025-03-21: approved
- 2025-03-20: received
- See all versions
- Short URL
- https://ia.cr/2025/526
- License
-
CC BY-SA
BibTeX
@misc{cryptoeprint:2025/526, author = {Atharv Singh Patlan and Peiyao Sheng and S. Ashwin Hebbar and Prateek Mittal and Pramod Viswanath}, title = {{AI} Agents in Cryptoland: Practical Attacks and No Silver Bullet}, howpublished = {Cryptology {ePrint} Archive, Paper 2025/526}, year = {2025}, url = {https://eprint.iacr.org/2025/526} }