New attack can steal cryptocurrency by planting false memories in AI chatbots
Malicious "context manipulation" technique causes bot to send payments to attacker's wallet.
Imagine a world where AI-powered bots can buy or sell cryptocurrency, make investments, and execute software-defined contracts at the blink of an eye, depending on minute-to-minute currency prices, breaking news, or other market-moving events. Then imagine an adversary causing the bot to redirect payments to an account they control by doing nothing more than entering a few sentences into the bot’s prompt.
That’s the scenario depicted in recently released research that developed a working exploit against ElizaOS, a fledgling open source framework.
ElizaOS is a framework for creating agents that use large language models to perform various blockchain-based transactions on behalf of a user based on a set of predefined rules. It was introduced in October under the name Ai16z and was changed to its current name in January. The framework remains largely experimental, but champions of decentralized autonomous organizations (DAOs)—a model in which communities or companies are governed by decentralized computer programs running on blockchains—see it as a potential engine for jumpstarting the creation of agents that automatically navigate these so-called DAOs on behalf of end users.
