Agentic AI risk in crypto
Exchanges and security shops are warning that autonomous AI agents create systemic crypto risks — Bitget and SlowMist flag prompt‑injection and over‑permission vectors that could let agents behave unpredictably on billions in capital (x.com). Observers are asking 'how do you verify' when agents trade at scale and even exploring Lightning/A2A escrow as a no‑counterparty layer for agentic settlements (x.com).
Bitget and blockchain-security firm SlowMist published a joint AI‑agent trading security report on March 20, 2026, outlining new attack surfaces as agents move from analysis to execution. (markets.financialcontent.com) Bitget said it serves about 125 million users and provides access to over 2 million crypto tokens, framing the scale at which any agentic failure could cascade. (theglobeandmail.com) The report names concrete mitigations—including minimum‑privilege APIs, sub‑account isolation and “human‑machine confirmation” signatures—as recommended controls for automated trading deployments. (chaincatcher.com) SlowMist’s testing includes live scenarios such as chaining an agent control module (“OpenClaw”) to Telegram for remote commands and the Notion agent’s exposure to hidden‑text prompt injection in uploaded files. (bee.com) SlowMist enumerated multiple distinct threat categories—prompt injection, malicious/plugin supply‑chain poisoning, decision‑layer errors, privacy leaks and high‑privilege execution risks—presenting at least seven attack vectors. (panewslab.com) At least three settlement projects are publicly positioning escrow as a mitigation: the A2A Settlement spec and GitHub implementation for atomic escrow, and commercial plays such as Abba Baba (which launched on Base mainnet March 1, 2026) that offer on‑chain escrow and dispute primitives for agent payments. (github.com)
