On October 21, 2025, OpenAI unveiled ChatGPT Atlas — A browser with AI built right into its core. Unlike regular click-and-type browsers, Atlas has a “proxy mode” that allows ChatGPT to take over. AI can fill out forms, navigate through websites, make purchases, and complete complex tasks without ever touching a keyboard.
This technology represents a major shift in how we use the Internet. But security researchers are sounding the alarm about what this means for people who own cryptocurrencies.
The promise of an artificial intelligence agent
Agent AI refers to artificial intelligence systems that work autonomously to achieve goals. Instead of just answering questions, these AI agents can do things for you.
Atlas agent mode can analyze recipes, search for ingredients in nearby stores, add items to shopping carts, and arrange delivery — all while browsing other tabs. For cryptocurrency users, this could mean AI agents that automatically find the best trading opportunities, manage digital wallets, or interact with blockchain applications.
source: @OpenAI
The cryptocurrency industry is betting big on this technology. Artificial intelligence agent codes It rose 222% in the fourth quarter of 2024, rising from less than $5 billion to more than $15 billion. Industry experts expect the size of this market to reach $60 billion by the end of 2025.
By the end of the year, blockchain networks could host more than 1 million AI clients, compared to about 10,000 currently active. These agents are already earning millions of dollars weekly through automated cryptocurrency activities.
Hidden danger: Rapid injection attacks
This is where things get dangerous. Security researchers have discovered that proxy browsers have a serious flaw called “instant injection.” This attack tricks AI into following malicious instructions hidden on websites.
Think of it this way: When you ask your AI browser to summarize a web page, it reads everything on that page, including instructions you can’t see. Attackers can hide commands in white text on white backgrounds, in HTML comments, or behind spoiler marks on social media posts.
Brave Browser Security Team This vulnerability was tested on Perplexity’s Comet browser (another AI browser). They created a proof-of-concept attack that was terrifyingly simple. A user visited a Reddit post containing a hidden instant entry code. When a user clicks “Summary this web page,” the AI secretly does the following:
-
Go to the user’s email account
-
Read the one-time password from their inbox
-
Send this password to the attacker by replying to the Reddit comment
The entire attack happened automatically. The user had no idea that his account had been hijacked.
Why should cryptocurrency users be so concerned?
For cryptocurrency holders, these vulnerabilities create nightmare scenarios. Unlike a stolen password that you can reset, stolen cryptocurrencies are gone forever.
Researchers at Princeton University found that AI agents with access to cryptocurrency wallets can be manipulated through “memory injection” attacks. These false memories persist across multiple interactions and can spread across platforms. A single compromised interaction can impact multiple users sharing the same AI system.
The financial risks are enormous. In 2024, cryptocurrency hacks resulted in approximately $2.2 billion in losses. In just the first quarter of 2025, cryptocurrency thefts jumped by 303%.
Now imagine that an AI agent has permission to access your cryptocurrency wallet. An attacker can craft a malicious claim that tricks the agent into transferring your funds to their address. AI may think it is helping you invest when it is actually stealing your money.
Security firm Trail of Bits has demonstrated its ability to bypass human approval protections in several AI client platforms, achieving remote code execution. Another AI system called A1 successfully exploited smart contracts on Ethereum and Binance Smart Chain, extracting up to $8.59 million per instance.
Traditional security measures are not working
The problem goes deeper than individual attacks. When an AI agent follows instructions from a hacked web page, all normal security protections are rendered useless.
Traditional web security relies on things like same-origin policy and cross-origin resource sharing. These prevent sites from accessing data from other sites. But the AI agents work with your full permissions across all your signed-in accounts. They can access your email, banking, social media, and cryptocurrency wallets simultaneously.
like Dawn song“This is uncharted territory, given the power, capabilities, and autonomy of these agents. This opens up much larger attack surfaces,” explained the UC Berkeley computer science professor and AI safety expert.
OpenAI’s safety measures are inadequate
OpenAI acknowledges the risks. Atlas includes several protections: The agent cannot run code, download files, or access your computer’s file system. It pauses before taking any action on financial websites and requires permission to open new tabs.
The company warns users: “ChatGPT is designed to protect you, but there is always some risk that attackers will successfully break our security measures to access your data, or take actions while you are logged into sites.”
But security researchers remain skeptical. “The security and privacy risks involved are still too high for me — I certainly wouldn’t trust any of these products until a group of security researchers hit them hard,” wrote Simon Willison, an open source developer who closely follows AI security.
What Cryptocurrency Users Can Do Now
Despite the risks, there are practical steps to protect yourself if you choose to use proxy browsers:
Never give AI agents direct access to cryptocurrency wallets. Keep your crypto accounts completely separate from any AI-powered browsing.
Enable multi-factor authentication on all cryptocurrency exchanges and wallet services. This adds an important layer of protection even if an AI agent leaks your password.
Set strict spending limits. If you must use AI agents for crypto tasks, configure maximum transaction amounts and create allowed lists of approved wallet addresses.
Stay logged out. Use proxy features only when logging out of sensitive accounts. Do not allow the AI browser to access your authenticated sessions.
Watch artificial intelligence in action. When using Proxy Mode, monitor what it does in real time. OpenAI allows users to pause tasks or take control at any time.
Update constantly. Security patches are released regularly when researchers discover new security vulnerabilities. Keep your browser updated.
Be skeptical of offers that are too good to be true. Attackers are already creating fake cryptocurrency trading websites specifically designed to trick AI agents into revealing payment information.
Why AI needs cryptocurrencies (and vice versa)
Despite the security concerns, there is a real reason behind this Artificial intelligence and cryptocurrencies Converging. As John D’Agostino, head of institutional strategy at Coinbase, explained: Traditional banking systems are too slow for AI clients. He compared using legacy financial systems with AI agents to “trying to stream a movie on a dial-up modem.”
Cryptocurrency transactions take place 24/7 without delay. AI agents who may need to make purchases at any hour cannot wait for banks to open. Blockchain technology provides the fast, programmable money that independent agents need.
Coinbase launched “Based Agent” in October 2024, a template that creates an AI agent with a cryptocurrency wallet in less than three minutes. These agents can automatically execute trades, swap tokens, and share cryptocurrencies.
Some AI agents have already succeeded. The ai16z project has created an agent named Eliza that independently manages a liquidity pool on the Solana blockchain, reportedly generating annual returns exceeding 60%.
The way forward
The proxy AI market could reach $140.8 billion by 2032. But right now, the technology isn’t ready to handle cryptocurrencies securely.
“There is no AI technology today that can automate Web3 transactions in a reliable and secure way,” said Forrester analyst Magdalena Johannes. The risks of exploitation remain very high.
Major challenges remain unresolved. Decentralized AI models lag far behind centralized systems like OpenAI’s ChatGPT in terms of speed and performance. There are no regulatory frameworks yet for AI agents handling financial transactions. The underlying instant injection vulnerability appears systematically across all proxy browsers, not just isolated bugs that can be patched.
