Security researchers at GoPlus have identified a sophisticated new threat vector targeting autonomous AI agents within the decentralized finance (DeFi) ecosystem. The vulnerability, dubbed "Historical Memory Authorization," allows malicious actors to manipulate an agent's learned behaviors to authorize unauthorized fund transfers. As AI agents increasingly manage Web3 wallets and execute trades on blockchains like Ethereum and Solana, this discovery highlights a critical shift in the cybersecurity landscape where social engineering targets machine logic rather than human users.
Mechanism of Memory-Based Manipulation
The AgentGuard team at GoPlus explains that the attack occurs in two distinct phases designed to bypass traditional security filters. First, the attacker engages the AI in a series of benign interactions to instill specific preferences or rules, such as a tendency to "actively refund" assets under certain conditions. By establishing this behavioral precedent, the attacker effectively creates a hidden authorization protocol within the agent's long-term memory. This process exploits the tendency of large language models (LLMs) to maintain context and follow established conversational patterns.
Triggering Unauthorized Fund Operations
Once the "memory" is established, the attacker uses vague or coded language to execute the exploit without triggering keyword-based security alerts. According to the report, phrases such as "handle according to the old rules" or "handle as usual" are used to prompt the AI to perform high-risk fund operations based on the previously planted instructions.
- Exploitation of contextual memory to bypass direct command monitoring.
- Use of ambiguous prompts to initiate transfers to attacker-controlled addresses.
- Difficulty in detection due to the gradual nature of the behavioral conditioning.
Implications for AI-Driven Crypto Security
The rise of AI-driven automation in crypto—ranging from yield aggregators to autonomous trading bots—necessitates more robust defense mechanisms. GoPlus emphasizes that current security frameworks must evolve to monitor not just individual transactions, but the evolution of an agent's internal logic and "memory" state. The firm suggests that high-risk behaviors rooted in historical authorization require mandatory human-in-the-loop verification or specialized AI auditing tools.
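As an added illustration of the human-in-the-loop gate described above (example code written for this page, not GoPlus's AgentGuard), here is a policy check that decides on provenance rather than keywords: a transfer whose recipient or amount the agent reconstructed from memory stored in an earlier session is routed to a human reviewer even when the destination is allowlisted and the amount is small. The request, memory and policy fields are assumed to be exposed by the agent's tool-call trace.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_HUMAN = "require_human_review"

@dataclass(frozen=True)
class MemoryEntry:
    entry_id: str
    session_id: str   # session in which the agent stored this preference
    text: str

@dataclass(frozen=True)
class TransferRequest:
    session_id: str           # session issuing the current instruction
    to_address: str
    amount: float
    explicit_recipient: bool  # current instruction itself names the recipient
    explicit_amount: bool     # current instruction itself states the amount
    cited_memory: tuple       # entry_ids the agent used to fill in the gaps

@dataclass(frozen=True)
class Policy:
    allowlist: frozenset      # recipients approved out-of-band by the wallet owner
    auto_limit: float         # largest amount that may leave without a human

def gate_transfer(req, memory, policy):
    """Return (Decision, reasons). Provenance, not keywords, drives the verdict."""
    by_id = {m.entry_id: m for m in memory}
    reasons = []
    if req.to_address not in policy.allowlist:
        reasons.append("recipient not on owner allowlist")
    if req.amount > policy.auto_limit:
        reasons.append("amount above auto-approval limit")
    # Historical authorization: recipient or amount was not stated now but was
    # reconstructed from memory written in an earlier session.
    historical = [m for m in (by_id.get(i) for i in req.cited_memory)
                  if m is not None and m.session_id != req.session_id]
    if historical and not (req.explicit_recipient and req.explicit_amount):
        ids = ", ".join(m.entry_id for m in historical)
        reasons.append(f"transfer parameters derived from memory: {ids}")
    return (Decision.REQUIRE_HUMAN if reasons else Decision.ALLOW, reasons)

# Constructed sample data, not taken from the GoPlus report.
MEMORY = (MemoryEntry("m1", "s1", "owner likes overpayments refunded promptly"),)
POLICY = Policy(allowlist=frozenset({"0xAAAA"}), auto_limit=100.0)

def explicit_request():   # "send 50 to 0xAAAA": everything stated now
    return TransferRequest("s2", "0xAAAA", 50.0, True, True, ())

def vague_request():      # "handle as usual": agent filled in details from m1
    return TransferRequest("s2", "0xAAAA", 50.0, False, False, ("m1",))
```

The second request is allowlisted and within limit, yet it still lands in human review because its parameters came from a prior session's memory rather than the current instruction.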
As the integration of Artificial Intelligence and Blockchain technology matures, the "Historical Memory Authorization" attack serves as a vital reminder of the unique risks posed by non-human actors. For developers and users of AI agents, ensuring that instructions are transparent and that memory cannot be used to override safety protocols is essential for protecting digital assets in an increasingly automated financial world.