- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
ElizaOS Vulnerability Shows How AI Can Be Gaslit Into Losing Millions
By: cryptonews|2025/05/07 08:15:01
0
Share
AI agents, some managing millions of dollars in crypto, are vulnerable to a new undetectable attack that manipulates their memories, enabling unauthorized transfers to malicious actors. That's according to a recent study by researchers from Princeton University and the Sentient Foundation, which claims to have found vulnerabilities in crypto-focused AI agents, such as those using the popular ElizaOS framework. ElizaOS’ popularity made it a perfect choice for the study, according to Princeton graduate student Atharv Patlan, who co-authored the paper. “ElizaOS is a popular Web3-based agent with around 15,000 stars on GitHub, so it's widely used,” Patlan told Decrypt . "The fact that such a widely used agent has vulnerabilities made us want to explore it further.” Initially released as ai16z, Eliza Labs launched the project in October 2024. It is an open-source framework for creating AI agents that interact with and operate on blockchains. The platform was rebranded to ElizaOS in January 2025. An AI agent is an autonomous software program designed to perceive its environment, process information, and take action to achieve specific goals without human interaction. According to the study, these agents, widely used to automate financial tasks across blockchain platforms, can be deceived through “memory injection”—a novel attack vector that embeds malicious instructions into the agent’s persistent memory. “Eliza has a memory store, and we tried to input false memories through someone else conducting the injection on another social media platform,” Patlan said. AI agents that rely on social media sentiment are especially vulnerable to manipulation, the study found. Attackers can use fake accounts and coordinated posts, known as a Sybil attack, named after the story of Sybil, a young woman diagnosed with Dissociative Identity Disorder, to deceive agents into making trading decisions. “An attacker could execute a Sybil attack by creating multiple fake accounts on platforms such as X or Discord to manipulate market sentiment,” the study reads. “By orchestrating coordinated posts that falsely inflate the perceived value of a token, the attacker could deceive the agent into buying a 'pumped' token at an artificially high price, only for the attacker to sell their holdings and crash the token’s value.” A memory injection is an attack in which malicious data is inserted into an AI agent’s stored memory, causing it to recall and act on false information in future interactions, often without detecting anything unusual. While the attacks do not directly target the blockchains, Patlan said the team explored the full range of ElizaOS's capabilities to simulate a real-world attack. “The biggest challenge was figuring out which utilities to exploit. We could have just done a simple transfer, but we wanted it to be more realistic, so we looked at all the functionalities ElizaOS provides,” he explained. “It has a large set of features due to a wide range of plugins, so it was important to explore as many of them as possible to make the attack realistic.” Patlan said the study's findings were shared with Eliza Labs, and discussions are ongoing. After demonstrating a successful memory injection attack on ElizaOS, the team developed a formal benchmarking framework to evaluate whether similar vulnerabilities existed in other AI agents. Working with the Sentient Foundation, the Princeton researchers developed CrAIBench, a benchmark measuring AI agents’ resilience to context manipulation. The CrAIBench evaluates attack and defense strategies, focusing on security prompts, reasoning models, and alignment techniques. Patlan said one key takeaway from the research is that defending against memory injection requires improvements at multiple levels. “Along with improving memory systems, we also need to improve the language models themselves to better distinguish between malicious content and what the user actually intends,” he said. “The defenses will need to work both ways—strengthening memory access mechanisms and enhancing the models.” Eliza Labs did not immediately respond to requests for comment by Decrypt . Edited by Sebastian Sinclair
You may also like
What Is OpenClaw? How The AI Agent Could Automate Crypto Trading Through APIs
OpenClaw is a rapidly growing AI agent on GitHub that can automate tasks and even execute crypto trades through exchange APIs. Learn how OpenClaw works, how it connects to exchanges, and the risks traders should understand before using AI trading agents.
Morning News | Tencent is building an AI intelligent entity for WeChat; Meta announces acquisition of Moltbook; Nvidia plans to launch the AI agent open-source platform NemoClaw
Overview of Important Market Events on March 10
NVIDIA's Jensen Huang's new article: The "Five-Layer Cake" of AI
NVIDIA breaks down AI into a five-layer system consisting of energy, chips, infrastructure, models, and applications, and points out that every successful AI application will pull the entire industrial chain from computing power to electricity downward.
In-depth Analysis of ERC-8183: The Answer to the Trust Issue of Ethereum-Powered AI Agents
In the world of agents, one cannot conquer the world solely with reputation.
Stock Tokenization Revolution: Market Dynamics, Product Architecture, and Regulatory Moat Panorama Report
The integration of the $150 trillion global stock market with blockchain infrastructure is no longer just a proposition—it is happening.
The current Lobster Skill is just yesterday's Fruit Ninja, only meant to get you acquainted.
How Will Lobster Make Its Way into Our Lives?
Key Market Intelligence on March 10th, how much did you miss out on?
1. On-chain Funds: $51.2M USD inflow to Hyperliquid today; $51.2M USD outflow from Arbitrum
2. Biggest Gainers and Losers: $DRV, $OM
3. Top News: Middle East Conflict Sparks Stagflation Trading, Global Stock Markets Shed About $6 Trillion USD
IOSG: From Interest-Bearing Stablecoins to Crypto Credit Products
Bear Market Favors Stablecoin Yield Farming, Rise of Real World Asset (RWA) Lending with Interest-Bearing Stablecoins.
NVIDIA CEO Jensen Huang's Latest Article: The "Five Layers of AI"
NVIDIA breaks down AI into a five-level hierarchy of Energy, Silicon, Infrastructure, Models, and Applications, and points out that every successful AI application will pull through the entire stack from computation to power in the industry chain.
Daily Observation of Cryptocurrency Concept Stocks: Nasdaq Bets on Stocks on the Blockchain, Strategy Buys Another 17,994 BTC, ETH Treasury Stocks Enter Production Period
Traditional exchanges are beginning to embrace stock tokenization, while BTC treasury companies continue to increase their holdings through capital market instruments. ETH treasury companies, beyond Bitcoin, are also starting to validate the "holding + earning interest" balance sheet logic.
One-click onboarding to RootData, allowing project information to be accurately presented on over 200 platforms including Binance Wallet, Gate, TP, and more
Exchanging disclosure for trust, transparency is no longer a cost of the project, but a core asset for long-termists.
To the Builders who are still persevering in the crypto industry
Kydo deeply reflects on the dilemmas of the cryptocurrency industry: bidding farewell to the false prosperity of "selling infrastructure to developers" and proposing a new paradigm of using programmable capital to provide growth fuel for AI Agent companies.
Oil Price Cools Off, Crypto Bounces Back
Why Oil and Bitcoin Prices Always Move in Opposite Directions
a16z Releases Top 100 AI Applications List, Models Are Moving Out of the Browser and App
With the rise of video creation, Agent tools, and AI browsers, AI is evolving from a chat product into a new platform and operating environment.
If you only follow the news, you may have misconstrued this Iran conflict
With a Narrative-Driven Agenda, Western Media Falsifies War Coverage
ERC-8183: Write a Rule for a $3M On-Chain Agent Business
Before running in the Wild West of three million dollars, today, the rules have been written
AI Mistakenly 'Tips' $260,000, Makes It All Back in 24 Hours
AI Awakening seems to be really happening: they have already started to learn how to earn money on their own, and their money-earning ability may even surpass that of humans.
Arthur Hayes: Why is HYPE a 5x Moonshot?
Arthur Hayes' price target for HYPE in August 2026 is $150.
What Is OpenClaw? How The AI Agent Could Automate Crypto Trading Through APIs
OpenClaw is a rapidly growing AI agent on GitHub that can automate tasks and even execute crypto trades through exchange APIs. Learn how OpenClaw works, how it connects to exchanges, and the risks traders should understand before using AI trading agents.
Morning News | Tencent is building an AI intelligent entity for WeChat; Meta announces acquisition of Moltbook; Nvidia plans to launch the AI agent open-source platform NemoClaw
Overview of Important Market Events on March 10
NVIDIA's Jensen Huang's new article: The "Five-Layer Cake" of AI
NVIDIA breaks down AI into a five-layer system consisting of energy, chips, infrastructure, models, and applications, and points out that every successful AI application will pull the entire industrial chain from computing power to electricity downward.
In-depth Analysis of ERC-8183: The Answer to the Trust Issue of Ethereum-Powered AI Agents
In the world of agents, one cannot conquer the world solely with reputation.
Stock Tokenization Revolution: Market Dynamics, Product Architecture, and Regulatory Moat Panorama Report
The integration of the $150 trillion global stock market with blockchain infrastructure is no longer just a proposition—it is happening.
The current Lobster Skill is just yesterday's Fruit Ninja, only meant to get you acquainted.
How Will Lobster Make Its Way into Our Lives?
App