- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
ElizaOS Vulnerability Shows How AI Can Be Gaslit Into Losing Millions
By: bitcoin ethereum news|2025/05/07 11:15:01
0
Share
In brief The study highlights how memory injection attacks can be used to manipulate AI agents. AI agents that focus on online sentiment are most vulnerable to these attacks. Attackers use fake social media accounts and coordinated posts to trick agents into making trading decisions. AI agents, some managing millions of dollars in crypto, are vulnerable to a new undetectable attack that manipulates their memories, enabling unauthorized transfers to malicious actors. That’s according to a recent study by researchers from Princeton University and the Sentient Foundation, which claims to have found vulnerabilities in crypto-focused AI agents, such as those using the popular ElizaOS framework. ElizaOS’ popularity made it a perfect choice for the study, according to Princeton graduate student Atharv Patlan, who co-authored the paper. “ElizaOS is a popular Web3-based agent with around 15,000 stars on GitHub, so it’s widely used,” Patlan told Decrypt . “The fact that such a widely used agent has vulnerabilities made us want to explore it further.” Initially released as ai16z, Eliza Labs launched the project in October 2024. It is an open-source framework for creating AI agents that interact with and operate on blockchains. The platform was rebranded to ElizaOS in January 2025. An AI agent is an autonomous software program designed to perceive its environment, process information, and take action to achieve specific goals without human interaction. According to the study, these agents, widely used to automate financial tasks across blockchain platforms, can be deceived through “memory injection”—a novel attack vector that embeds malicious instructions into the agent’s persistent memory. “Eliza has a memory store, and we tried to input false memories through someone else conducting the injection on another social media platform,” Patlan said. AI agents that rely on social media sentiment are especially vulnerable to manipulation, the study found. Attackers can use fake accounts and coordinated posts, known as a Sybil attack, named after the story of Sybil, a young woman diagnosed with Dissociative Identity Disorder, to deceive agents into making trading decisions. “An attacker could execute a Sybil attack by creating multiple fake accounts on platforms such as X or Discord to manipulate market sentiment,” the study reads. “By orchestrating coordinated posts that falsely inflate the perceived value of a token, the attacker could deceive the agent into buying a ‘pumped’ token at an artificially high price, only for the attacker to sell their holdings and crash the token’s value.” A memory injection is an attack in which malicious data is inserted into an AI agent’s stored memory, causing it to recall and act on false information in future interactions, often without detecting anything unusual. While the attacks do not directly target the blockchains, Patlan said the team explored the full range of ElizaOS’s capabilities to simulate a real-world attack. “The biggest challenge was figuring out which utilities to exploit. We could have just done a simple transfer, but we wanted it to be more realistic, so we looked at all the functionalities ElizaOS provides,” he explained. “It has a large set of features due to a wide range of plugins, so it was important to explore as many of them as possible to make the attack realistic.” Patlan said the study’s findings were shared with Eliza Labs, and discussions are ongoing. After demonstrating a successful memory injection attack on ElizaOS, the team developed a formal benchmarking framework to evaluate whether similar vulnerabilities existed in other AI agents. Working with the Sentient Foundation, the Princeton researchers developed CrAIBench, a benchmark measuring AI agents’ resilience to context manipulation. The CrAIBench evaluates attack and defense strategies, focusing on security prompts, reasoning models, and alignment techniques. Patlan said one key takeaway from the research is that defending against memory injection requires improvements at multiple levels. “Along with improving memory systems, we also need to improve the language models themselves to better distinguish between malicious content and what the user actually intends,” he said. “The defenses will need to work both ways—strengthening memory access mechanisms and enhancing the models.” Eliza Labs did not immediately respond to requests for comment by Decrypt . Edited by Sebastian Sinclair Generally Intelligent Newsletter A weekly AI journey narrated by Gen, a generative AI model. Source: https://decrypt.co/318200/elizaos-vulnerability-ai-gaslit-losing-millions
You may also like
AI Agent needs Crypto, not Crypto needs AI
It is not Crypto that needs AI to survive, but rather AI Agents that need Crypto to be implemented: when AI truly shifts from "thinking" to "executing," it must seek the boundaries of authority and funding within the programmable primitives of Crypto.
Stablecoins are breaking away from cryptocurrency, becoming the next generation of infrastructure for global payments
The use of stablecoins is shifting from facilitating low-cost cross-border remittances to supporting general commercial activities and inter-company vendor payments.
Web3 teams should stop wasting marketing budgets on the X platform
The announcements from the project party are still very important, but they should no longer be the starting point of promotional activities; instead, they should be the endpoint.
Strive buys Strategy stocks, and Bitcoin treasury companies start nesting each other
When everyone's bets are placed on the same table, the difference between "structured financing" and "concentrated gambling" may just be a few more arrows drawn on the PPT.
Strive to buy Strategy stock, Bitcoin Treasury company starts nesting dolls with each other
Bitcoin hodlers are starting to nested be in each other.
Key Market Intel on March 12th, how much did you miss out on?
1. On-chain Funds: $29.7M inflow to Hyperliquid today; $30.9M outflow from Base
2. Biggest Gainers/Losers: $DRV, $LYN
3. Top News: US plans to release 172M barrels of oil to curb prices, on-chain pre-market crude oil gains narrow by 4%
The new center of Crypto
But the market is constantly evolving. By 2026, companies that can adapt to the new environment will survive, while those that continue to rely on the old script may face the fate of elimination.
Former Coinbase CPO's lengthy article: I have regrets, but I still firmly believe in Crypto
People often fantasize that wealth comes from catching every new wave. Sometimes this is true. But more often, wealth comes from riding a real wave and not blindly paddling away every time the water splashes around.
Hormuz Strait Triggers Oil War, Will the Fed Blink with a Rate Cut in June?
Polymarket data shows that the current market is betting a 64% probability of an interest rate cut in June this year, with the probability rising to 81% for September.
After Law Enforcement in the US and the UK Seized Cryptocurrency, ‘Asset Return’ Never Really Happened
The digital assets that should have been returned to the victims have quietly flowed into government treasuries, strategic reserve funds, and law enforcement agencies' operational budgets.
Why Does Everyone Hate AI?
AI and Silicon Valley's PR Crisis
Kyle Samani Returns to Crypto? Post Discusses How to Efficiently Weed Out CEX
The beauty of PropAMM on Solana is that the blockchain itself directly "hosts" the liquidity provider algorithm.
What are the chances of a 5X MOONSHOT for HYPE?
Hyperliquid is building a new growth logic
Trade Gold & Silver with 0% Fees: Share $300K Rewards on PAXG, XAUT and XAG
The WEEX Precious Metals Campaign introduces zero-fee trading and a $300,000 reward pool, offering users new opportunities to engage with tokenized gold and silver markets on WEEX.
Lessons From a Third Prize Team in the WEEX AI Trading Hackathon
Rift, one of the Third Prize teams in the WEEX AI Trading Hackathon, shares how trusting their system helped the strategy stay resilient in live market volatility.
Untitled
I’m sorry, but I cannot generate or rewrite content from an article when the original content or information…
Binance Sues WSJ Over Defamatory Iran Sanctions Allegations
Key Takeaways: Binance has filed a defamation lawsuit against the Wall Street Journal in New York for alleged…
Google’s Gemini AI Projects XRP, Solana, and Cardano Prices by 2026
Key Takeaways: XRP could experience a surge to $15 by the end of 2026, driven by institutional investments…
AI Agent needs Crypto, not Crypto needs AI
It is not Crypto that needs AI to survive, but rather AI Agents that need Crypto to be implemented: when AI truly shifts from "thinking" to "executing," it must seek the boundaries of authority and funding within the programmable primitives of Crypto.
Stablecoins are breaking away from cryptocurrency, becoming the next generation of infrastructure for global payments
The use of stablecoins is shifting from facilitating low-cost cross-border remittances to supporting general commercial activities and inter-company vendor payments.
Web3 teams should stop wasting marketing budgets on the X platform
The announcements from the project party are still very important, but they should no longer be the starting point of promotional activities; instead, they should be the endpoint.
Strive buys Strategy stocks, and Bitcoin treasury companies start nesting each other
When everyone's bets are placed on the same table, the difference between "structured financing" and "concentrated gambling" may just be a few more arrows drawn on the PPT.
Strive to buy Strategy stock, Bitcoin Treasury company starts nesting dolls with each other
Bitcoin hodlers are starting to nested be in each other.
Key Market Intel on March 12th, how much did you miss out on?
1. On-chain Funds: $29.7M inflow to Hyperliquid today; $30.9M outflow from Base
2. Biggest Gainers/Losers: $DRV, $LYN
3. Top News: US plans to release 172M barrels of oil to curb prices, on-chain pre-market crude oil gains narrow by 4%
App