AI agents are increasingly integrated into crypto, powering wallets, trading bots and on-chain assistants that automate decision-making in real time. These agents often rely on the emerging Model Context Protocol (MCP), which works like a control layer governing what the agent does: it determines which tools to use, which code to run, and how to respond to the user.
MCP adds flexibility and power, but it also opens up serious security risks. Malicious plugins can override commands, poison data inputs, or steer AI agents into harmful actions. Security researchers have identified four major attack types involving MCP-based plugins: data poisoning, JSON injection, competitive feature overrides, and cross-MCP call attacks. These vulnerabilities can lead to data leaks, manipulated system operations, or unauthorized control.
Unlike attacks on the AI model itself (such as corruption of training data), these threats target AI agents that operate in real time and interact with external plugins. This increases the risk because agents play an active role in handling funds and carrying out transactions.
The crypto industry has rapidly adopted AI agents with MCPs, with over 10,000 agents by the end of 2024 and forecasts of over 1 million by 2025. Security experts warn that third-party plugins extend the attack surface beyond developers' control and often run code without proper sandboxing, which can lead to privilege escalation and silent data leaks.
An audit revealed a vulnerability that could have caused a private key to be leaked, an outcome that is devastating for both users and projects. Experts emphasize that security needs to be prioritized up front rather than deferred to later updates. Implementing strict plugin validation, sanitizing input, enforcing least-privilege access, and periodically reviewing AI agents' behavior are important steps.
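As an added illustration (not code from the audit or from any MCP implementation), the sketch below shows how the validation, sanitizing and least-privilege steps above can be combined into one deny-by-default check in front of every plugin-requested tool call. The registry layout, the `price-feed` plugin, the `get_price` tool and all function names are hypothetical, and the sample manifest is constructed.

```python
import hashlib
import re

# Constructed sample: the manifest bytes that were reviewed and approved.
REVIEWED_MANIFEST = b'{"name":"price-feed","version":"1.0"}'

# Hypothetical registry: plugin -> pinned manifest hash and the only tools
# (with an exact argument pattern per field) that the plugin may invoke.
REGISTRY = {
    "price-feed": {
        "manifest_sha256": hashlib.sha256(REVIEWED_MANIFEST).hexdigest(),
        "tools": {"get_price": {"symbol": re.compile(r"[A-Z]{2,10}")}},
    },
}

AUDIT_LOG = []  # every decision is kept for periodic behavior review


def authorize_call(plugin, manifest_bytes, tool, args, caller=None):
    """Return (allowed, reason) for one tool call requested via a plugin."""
    allowed, reason = _decide(plugin, manifest_bytes, tool, args, caller)
    AUDIT_LOG.append((plugin, tool, allowed, reason))
    return allowed, reason


def _decide(plugin, manifest_bytes, tool, args, caller):
    entry = REGISTRY.get(plugin)
    if entry is None:
        return False, "plugin not on allowlist"
    # Strict plugin validation: the manifest must match the reviewed copy.
    if hashlib.sha256(manifest_bytes).hexdigest() != entry["manifest_sha256"]:
        return False, "manifest changed since review"
    # Cross-plugin calls: one plugin's output may not drive another's tools.
    if caller is not None and caller != plugin:
        return False, "cross-plugin call blocked"
    # Least privilege: only tools explicitly granted to this plugin.
    schema = entry["tools"].get(tool)
    if schema is None:
        return False, "tool not granted to plugin"
    # Input sanitizing: exact key set, string values, full pattern match.
    if not isinstance(args, dict) or set(args) != set(schema):
        return False, "unexpected or missing arguments"
    for key, pattern in schema.items():
        value = args[key]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            return False, f"argument {key!r} failed validation"
    return True, "ok"
```

Anything not explicitly granted is refused, so a newly installed or silently updated plugin gains no capability until its manifest is reviewed and pinned again.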
Proactive security is essential as AI agents become embedded in crypto infrastructure. Without strong guardrails around MCP frameworks and plugin management, these AI assistants could turn into key attack vectors that put wallets, funds, and sensitive data at risk. Securing the AI layer is no longer optional; it is essential to protecting the future of crypto.