LLM routers pose crypto theft risk, researchers find

Third-party AI Large Language Model (LLM) routers contain security vulnerabilities that could lead to cryptocurrency theft, according to a study by University of California (UC) researchers, Cointelegraph reported. The team explained that after testing 28 paid and 400 free routers, they found that nine were injecting malicious code, 17 accessed the researchers' own Amazon Web Services (AWS) credentials, and one successfully stole ETH from a researcher-owned wallet. LLM routers, which act as third-party API brokers consolidating access to AI providers like OpenAI, Anthropic, and Google, can potentially expose the private keys, seed phrases, and other sensitive data of developers using AI coding agents for smart contract or wallet operations.