Buy Crypto- Markets
Futures- Spot
- Copy Trade
- Earn
- More
ElizaOS Vulnerability Shows How AI Can Be Gaslit Into Losing Millions
By: cryptonews|2025/05/07 08:15:01
0
Share
AI agents, some managing millions of dollars in crypto, are vulnerable to a new undetectable attack that manipulates their memories, enabling unauthorized transfers to malicious actors. That's according to a recent study by researchers from Princeton University and the Sentient Foundation, which claims to have found vulnerabilities in crypto-focused AI agents, such as those using the popular ElizaOS framework. ElizaOS’ popularity made it a perfect choice for the study, according to Princeton graduate student Atharv Patlan, who co-authored the paper. “ElizaOS is a popular Web3-based agent with around 15,000 stars on GitHub, so it's widely used,” Patlan told Decrypt . "The fact that such a widely used agent has vulnerabilities made us want to explore it further.” Initially released as ai16z, Eliza Labs launched the project in October 2024. It is an open-source framework for creating AI agents that interact with and operate on blockchains. The platform was rebranded to ElizaOS in January 2025. An AI agent is an autonomous software program designed to perceive its environment, process information, and take action to achieve specific goals without human interaction. According to the study, these agents, widely used to automate financial tasks across blockchain platforms, can be deceived through “memory injection”—a novel attack vector that embeds malicious instructions into the agent’s persistent memory. “Eliza has a memory store, and we tried to input false memories through someone else conducting the injection on another social media platform,” Patlan said. AI agents that rely on social media sentiment are especially vulnerable to manipulation, the study found. Attackers can use fake accounts and coordinated posts, known as a Sybil attack, named after the story of Sybil, a young woman diagnosed with Dissociative Identity Disorder, to deceive agents into making trading decisions. “An attacker could execute a Sybil attack by creating multiple fake accounts on platforms such as X or Discord to manipulate market sentiment,” the study reads. “By orchestrating coordinated posts that falsely inflate the perceived value of a token, the attacker could deceive the agent into buying a 'pumped' token at an artificially high price, only for the attacker to sell their holdings and crash the token’s value.” A memory injection is an attack in which malicious data is inserted into an AI agent’s stored memory, causing it to recall and act on false information in future interactions, often without detecting anything unusual. While the attacks do not directly target the blockchains, Patlan said the team explored the full range of ElizaOS's capabilities to simulate a real-world attack. “The biggest challenge was figuring out which utilities to exploit. We could have just done a simple transfer, but we wanted it to be more realistic, so we looked at all the functionalities ElizaOS provides,” he explained. “It has a large set of features due to a wide range of plugins, so it was important to explore as many of them as possible to make the attack realistic.” Patlan said the study's findings were shared with Eliza Labs, and discussions are ongoing. After demonstrating a successful memory injection attack on ElizaOS, the team developed a formal benchmarking framework to evaluate whether similar vulnerabilities existed in other AI agents. Working with the Sentient Foundation, the Princeton researchers developed CrAIBench, a benchmark measuring AI agents’ resilience to context manipulation. The CrAIBench evaluates attack and defense strategies, focusing on security prompts, reasoning models, and alignment techniques. Patlan said one key takeaway from the research is that defending against memory injection requires improvements at multiple levels. “Along with improving memory systems, we also need to improve the language models themselves to better distinguish between malicious content and what the user actually intends,” he said. “The defenses will need to work both ways—strengthening memory access mechanisms and enhancing the models.” Eliza Labs did not immediately respond to requests for comment by Decrypt . Edited by Sebastian Sinclair
You may also like
Atkins Marks One-Year Anniversary at SEC: Crypto Regulation Shifts from ‘Enforcement Heavy’ to ‘Rulemaking Mode’
Before the bill is passed, the SEC's cryptocurrency regulatory framework remains in a transition state of "administrative guidance + enforcement actions."
Under Political Pressure, Is the Federal Reserve Still Independent?
Powell believes that political pressure is not a threat, and what truly determines the Fed's independence is the Fed itself.
Yellen's Past Remarks: How Will This Incoming "Fed Chair" Disrupt the Federal Reserve? Janet Yellen, who is expected to become the next Chair of the Federal Reserve, has made several significant statements in the past regarding monetary policy, financ...
Powell's reform blueprint not only looks bold and ambitious, but also directly targets many vulnerabilities of the Federal Reserve. Facing the upcoming Senate confirmation hearing, how will this Fed's presumptive new "helmsman" reshape the future of the world's largest central bank?
ZachXBT vs. RAVE: Is a “Clean” Market Really What Speculators Want?
While cleaning up manipulation, it may also involve cleaning up liquidity
Arbitrum Poses as Hacker, 'Steals' Back Money Lost by KelpDAO
Even though Arbitrum wielded the admin key, the battle is far from over.
Without Cook's Apple, Can it Still Grow in the AI Era?
The iPhone Remains at its Peak, But Apple is at a Turning Point
Saylor's Bitcoin Holdings Surpass BlackRock, How Does This "Bitcoin Financing Machine" STRC Work?
Funding Cap is not equal to Execution Path; whether Bitcoin can cooperate is the true variable.
What Is RWA? What Is RWA in Crypto (Complete 2026 Guide)
Wondering what is RWA in crypto? We explain what RWA is, break down RWA tokenization in simple no-jargon terms, and cover why it's 2026's hottest crypto narrative.
What Is the KelpDAO Attack? What It Means for Aave Users in 2026
KelpDAO suffered a $292M rsETH exploit on April 18, 2026, triggering Aave market freezes and $13B DeFi outflows. Here’s what happened, whether Aave is safe now, and what users should do next.
Is your gold really "within reach"? The geographical blind spots of custodial services behind tokenized gold
When "complete physical support" does not equal "truly desirable," the risks are just beginning to emerge.
Cook Passes the Baton, Anthropic Gears Up | Rewire News Morning Brief
In the window of AI reshaping the hardware landscape, Apple has chosen a Maker
Will the Fed Cut Interest Rates Again? Tonight's Data Is Key
Citi believes geopolitical turbulence is temporary and the rate cut trajectory remains unchanged. Meanwhile, Deutsche Bank warns that the policy has reached a neutral stance, with no interest rate cuts in the foreseeable future.
The person taking over Apple has to do something he has never done before
Software, AI, services—areas he never directly controlled in his 25-year Apple career
Why Are You Always Losing Money on Polymarket? Because You're Betting on News, While The Rulebook Favors Insiders
At Polymarket, most people who bet incorrectly are not wrong in their prediction but rather in not having read the rules carefully.
Not a Price Hike, but a Supply Shortage? Oil Price Has Crossed the Threshold
A $95 Per Barrel Price Is Far From Enough to Rebalance the Oil Market
a16z: 5 Ways Blockchain Helps AI Agent Infrastructure
Artificial intelligence makes scaling cost-effective, but it is difficult to establish trust. Cryptocurrency can rebuild trust on a large scale.
Morning News | The Hong Kong Securities and Futures Commission announced the regulatory framework for secondary market trading of tokenized investment products; Strategy increased its holdings by 34,164 bitcoins last week; KAIO completed a strategic fi...
Overview of Important Market Events on April 20
What Is an XRP Wallet? The Best Wallets to Store XRP (2026 Updated)
An XRP wallet lets you safely store, send, and receive XRP on the XRP Ledger. Learn what wallets support XRP and discover the best XRP wallets for beginners and long-term holders in 2026.
Atkins Marks One-Year Anniversary at SEC: Crypto Regulation Shifts from ‘Enforcement Heavy’ to ‘Rulemaking Mode’
Before the bill is passed, the SEC's cryptocurrency regulatory framework remains in a transition state of "administrative guidance + enforcement actions."
Under Political Pressure, Is the Federal Reserve Still Independent?
Powell believes that political pressure is not a threat, and what truly determines the Fed's independence is the Fed itself.
Yellen's Past Remarks: How Will This Incoming "Fed Chair" Disrupt the Federal Reserve? Janet Yellen, who is expected to become the next Chair of the Federal Reserve, has made several significant statements in the past regarding monetary policy, financ...
Powell's reform blueprint not only looks bold and ambitious, but also directly targets many vulnerabilities of the Federal Reserve. Facing the upcoming Senate confirmation hearing, how will this Fed's presumptive new "helmsman" reshape the future of the world's largest central bank?
ZachXBT vs. RAVE: Is a “Clean” Market Really What Speculators Want?
While cleaning up manipulation, it may also involve cleaning up liquidity
Arbitrum Poses as Hacker, 'Steals' Back Money Lost by KelpDAO
Even though Arbitrum wielded the admin key, the battle is far from over.
Without Cook's Apple, Can it Still Grow in the AI Era?
The iPhone Remains at its Peak, But Apple is at a Turning Point
App