
AI Agents Tricked By Fake Memories, Enabling Crypto Theft
A new research study revealed significant security vulnerabilities in Web3 AI-powered agents, which allow attackers to use fake memories to perform unauthorized cryptocurrency transfers.
In a rush? Here are the quick facts:
- Hackers can inject fake memories into AI agents to steal cryptocurrency.
- Memory-based attacks bypass basic security prompts and safeguards.
- Blockchain transactions are irreversible—stolen funds are permanently lost.
Researchers from Princeton University and the Sentient Foundation discovered that these AI agents, designed to handle blockchain-based tasks like trading crypto and managing digital assets, are vulnerable to a tactic called context manipulation.
The attack works by targeting the memory systems of platforms like ElizaOS, which creates AI agents for decentralized applications. The memory system of these agents stores past conversations and uses them as a guide for future choices.
The researchers demonstrated that attackers can embed misleading commands in the memory system, leading the AI to send funds from the intended wallet to an attacker-controlled wallet. Alarmingly, these fake memories can travel between platforms.
For example, an agent compromised on Discord might later make incorrect transfers via X, without realizing anything is wrong.
What makes this especially dangerous is that standard defensive measures cannot stop it. Because the agent treats fake memories as genuine instructions, basic prompt-based security measures are ineffective against this kind of attack.
Blockchain transactions are permanent, so stolen funds cannot be restored. The problem becomes worse because certain AI agents store memory across multiple users, so a single security breach could affect many users.
The research team tested several ways to prevent this, including adjusting AI training and requiring manual approval for transactions. While these approaches offer some hope, they come at the cost of slowing down automation.
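The manual-approval idea mentioned above can be pictured as a gate that runs outside the model, between the agent's proposed transfer and the wallet signer. This is an added example, not code from the researchers or ElizaOS; `Transfer`, `Decision` and `gate_transfer` are hypothetical names, and binding the destination and amount to the user's current request is an assumption that goes beyond the mitigations the article lists.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Transfer:
    to: str      # destination wallet address
    amount: int  # amount in the token's smallest unit

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def norm(addr: str) -> str:
    """Compare hex addresses case-insensitively and ignore stray whitespace."""
    return addr.strip().lower()

def gate_transfer(requested: Transfer, proposed: Transfer,
                  approve: Callable[[Transfer], bool]) -> Decision:
    """Decide whether a transfer proposed by the agent may be signed.

    requested: parsed from the user's current message only (assumption: a
               deterministic parser, so stored memory cannot alter it).
    proposed:  what the agent wants to sign after consulting its memory.
    approve:   manual confirmation step shown to a human.
    """
    if norm(proposed.to) != norm(requested.to):
        return Decision(False, "destination differs from the user's request")
    if proposed.amount <= 0 or proposed.amount > requested.amount:
        return Decision(False, "amount outside the user's request")
    if not approve(proposed):
        return Decision(False, "manual approval declined")
    return Decision(True, "approved")

# Constructed sample data: placeholder addresses, not real wallets.
INTENDED = "0xAAAA000000000000000000000000000000000001"
UNEXPECTED = "0xBBBB000000000000000000000000000000000002"

def demo() -> list[Decision]:
    requested = Transfer(INTENDED, 10**18)
    always_yes = lambda t: True  # a careless approver still cannot skip the first two checks
    return [
        gate_transfer(requested, Transfer(INTENDED.lower(), 10**18), always_yes),
        gate_transfer(requested, Transfer(UNEXPECTED, 10**18), always_yes),
        gate_transfer(requested, Transfer(INTENDED, 10**18), lambda t: False),
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```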
The issue goes beyond cryptocurrency. The same vulnerability could affect general-purpose AI assistants, risking data leaks or harmful actions if attackers alter their memory.
This vulnerability is particularly alarming in light of recent findings where 84% of IT leaders trust AI agents as much as or more than human employees, and 92% expect these systems to drive business results within 12 to 18 months.
To address the problem, the researchers released a tool called CrAIBench to help developers test their systems and build stronger defenses. Until then, experts warn users to be cautious when trusting AI agents with financial decisions.