- Buy Crypto
- Markets
Futures- Spot
- Copy Trade
- Earn
- More
ElizaOS Vulnerability Shows How AI Can Be Gaslit Into Losing Millions
By: bitcoin ethereum news|2025/05/07 11:15:01
0
Share
In brief The study highlights how memory injection attacks can be used to manipulate AI agents. AI agents that focus on online sentiment are most vulnerable to these attacks. Attackers use fake social media accounts and coordinated posts to trick agents into making trading decisions. AI agents, some managing millions of dollars in crypto, are vulnerable to a new undetectable attack that manipulates their memories, enabling unauthorized transfers to malicious actors. That’s according to a recent study by researchers from Princeton University and the Sentient Foundation, which claims to have found vulnerabilities in crypto-focused AI agents, such as those using the popular ElizaOS framework. ElizaOS’ popularity made it a perfect choice for the study, according to Princeton graduate student Atharv Patlan, who co-authored the paper. “ElizaOS is a popular Web3-based agent with around 15,000 stars on GitHub, so it’s widely used,” Patlan told Decrypt . “The fact that such a widely used agent has vulnerabilities made us want to explore it further.” Initially released as ai16z, Eliza Labs launched the project in October 2024. It is an open-source framework for creating AI agents that interact with and operate on blockchains. The platform was rebranded to ElizaOS in January 2025. An AI agent is an autonomous software program designed to perceive its environment, process information, and take action to achieve specific goals without human interaction. According to the study, these agents, widely used to automate financial tasks across blockchain platforms, can be deceived through “memory injection”—a novel attack vector that embeds malicious instructions into the agent’s persistent memory. “Eliza has a memory store, and we tried to input false memories through someone else conducting the injection on another social media platform,” Patlan said. AI agents that rely on social media sentiment are especially vulnerable to manipulation, the study found. Attackers can use fake accounts and coordinated posts, known as a Sybil attack, named after the story of Sybil, a young woman diagnosed with Dissociative Identity Disorder, to deceive agents into making trading decisions. “An attacker could execute a Sybil attack by creating multiple fake accounts on platforms such as X or Discord to manipulate market sentiment,” the study reads. “By orchestrating coordinated posts that falsely inflate the perceived value of a token, the attacker could deceive the agent into buying a ‘pumped’ token at an artificially high price, only for the attacker to sell their holdings and crash the token’s value.” A memory injection is an attack in which malicious data is inserted into an AI agent’s stored memory, causing it to recall and act on false information in future interactions, often without detecting anything unusual. While the attacks do not directly target the blockchains, Patlan said the team explored the full range of ElizaOS’s capabilities to simulate a real-world attack. “The biggest challenge was figuring out which utilities to exploit. We could have just done a simple transfer, but we wanted it to be more realistic, so we looked at all the functionalities ElizaOS provides,” he explained. “It has a large set of features due to a wide range of plugins, so it was important to explore as many of them as possible to make the attack realistic.” Patlan said the study’s findings were shared with Eliza Labs, and discussions are ongoing. After demonstrating a successful memory injection attack on ElizaOS, the team developed a formal benchmarking framework to evaluate whether similar vulnerabilities existed in other AI agents. Working with the Sentient Foundation, the Princeton researchers developed CrAIBench, a benchmark measuring AI agents’ resilience to context manipulation. The CrAIBench evaluates attack and defense strategies, focusing on security prompts, reasoning models, and alignment techniques. Patlan said one key takeaway from the research is that defending against memory injection requires improvements at multiple levels. “Along with improving memory systems, we also need to improve the language models themselves to better distinguish between malicious content and what the user actually intends,” he said. “The defenses will need to work both ways—strengthening memory access mechanisms and enhancing the models.” Eliza Labs did not immediately respond to requests for comment by Decrypt . Edited by Sebastian Sinclair Generally Intelligent Newsletter A weekly AI journey narrated by Gen, a generative AI model. Source: https://decrypt.co/318200/elizaos-vulnerability-ai-gaslit-losing-millions
You may also like
BitsLab Deep Production: Nanobot User Security Practice Guide
BitsLab releases AI Agent Security Guidelines: Through a three-pronged strategy of "User Review + Agent Awareness + Script Hard Interception," a zero-trust security defense line is established to prevent prompt injection and sensitive data leakage risks.
What are the common traits of people who founded a $5 Billion+ company before the age of 23?
Trauma, Neurodiversity, Cross-Domain Skills. These characteristics, which may appear as "flaws" on a traditional resume, could instead be the most important signals
Why Hasn't $160 Billion Stripe Gone Public?
The Rise of Private Placements, with Companies like Stripe Rewriting Fundraising Logic.
All the AI News You Need to Know is Here, Lyrical Officially Launches AI News Feed
Users can access key information in real time without switching pages
Bitwise: Why Bitcoin Is Destined to Impact a Million Dollars?
When people talk about Bitcoin, they often overlook one key thing.
Amid Geopolitical Turmoil, Tokenized Gold Emerges Alongside Round-the-Clock On-Chain Markets
When the stock market is closed, the on-chain becomes the sole trading and pricing outlet.
Who Longs War on Polymarket?
The Rug Pull War rages on, with the potential to earn up to 4x gains on your bet
4 AI Trading Strategy Lessons from WEEX Hackathon Finalist
Finalist Bambi shares how AI tools helped turn real trading experience into an automated strategy, why survival-first risk control shaped the system’s design, and how the approach will evolve ahead of WEEX AI Trading Hackathon Season 2.
Hong Kong Crypto Ecosystem 2.0: Stablecoins, RWA, and the New Battleground for Financial Institutions
Hong Kong is no longer just a bystander in the cryptocurrency industry, but may become the core hub of the compliant cryptocurrency market in the Chinese-speaking world and even the entire Asia-Pacific region.
Polymarket Arbitrage Bible: The Real Gap is in the Mathematical Infrastructure
While retail investors are still engaged in simple probability addition, top quantitative teams are systematically harvesting millions of dollars in arbitrage profits on Polymarket using hardcore mathematical infrastructure such as integer programming and Bregman projections.
Crypto Barbarians Jupiter Series: Still Owes the Market an Answer
This entrepreneurial team from Singapore and Malaysia has indeed demonstrated its product execution capabilities to the market over the past three years, but they have also fully arbitraged every regulatory gray area with their business logic.
Bank Card Payment vs. Stablecoin Payment: Which is More Suitable for AI Agents?
Using bank cards to serve humanity and relying on stablecoins for high-frequency micro-trading with machines: Setting aside camp biases, a mixed payment architecture is the ultimate goal of AI entities in business.
Zuck is really out of touch! He actually acquired a dated Lobster-based social platform?
The asset pool Meta can now touch is not on the same level as it was in 2012
Key Market Information Discrepancy on March 11th - A Must-See! | Alpha Morning Report
1. Top News: Iran Reportedly Plants Mines in the Strait of Hormuz, Trump Warns of "Unprecedented" Military Strike
2. Token Unlock: $IO
How to Deal with Trump? Accept this "Art of the Deal Playbook"
The U.S. macro research firm The Kobeissi Letter deconstructs its "10-Step Conflict Pattern": Verbal Pressure, Friday Night Raid, Market Triple Bottom Exploration, Conditional Downgrade... concluding with a single "trade" paper.
AI Computing Power Arms Race Intensifies: This Startup Aims to Mine Bitcoin in Space
The next battleground for AI computing power is extending into space, gradually becoming a new frontier in commercial storytelling.
Claude Code launches the /btw feature, Musk X Money set to launch soon, what's the English community talking about today?
What have foreigners been most interested in over the past 24 hours?
Polymarket Arbitrage Bible: The Real Edge is in the Math Infrastructure
Predictive Market-Making Quantitative Arbitrage Logic.
BitsLab Deep Production: Nanobot User Security Practice Guide
BitsLab releases AI Agent Security Guidelines: Through a three-pronged strategy of "User Review + Agent Awareness + Script Hard Interception," a zero-trust security defense line is established to prevent prompt injection and sensitive data leakage risks.
What are the common traits of people who founded a $5 Billion+ company before the age of 23?
Trauma, Neurodiversity, Cross-Domain Skills. These characteristics, which may appear as "flaws" on a traditional resume, could instead be the most important signals
Why Hasn't $160 Billion Stripe Gone Public?
The Rise of Private Placements, with Companies like Stripe Rewriting Fundraising Logic.
All the AI News You Need to Know is Here, Lyrical Officially Launches AI News Feed
Users can access key information in real time without switching pages
Bitwise: Why Bitcoin Is Destined to Impact a Million Dollars?
When people talk about Bitcoin, they often overlook one key thing.
Amid Geopolitical Turmoil, Tokenized Gold Emerges Alongside Round-the-Clock On-Chain Markets
When the stock market is closed, the on-chain becomes the sole trading and pricing outlet.
App