[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-ai-agents-crypto-hidden-router-security-gap-zh":3,"tags-ai-agents-crypto-hidden-router-security-gap-zh":33,"related-lang-ai-agents-crypto-hidden-router-security-gap-zh":46,"related-posts-ai-agents-crypto-hidden-router-security-gap-zh":50,"series-blockchain-6639d1ca-4a77-4e76-a8aa-dc756e6f419f":87},{"id":4,"title":5,"content":6,"summary":7,"source":8,"source_url":9,"author":10,"image_url":11,"keywords":12,"language":21,"translated_content":10,"views":22,"is_premium":23,"created_at":24,"updated_at":24,"cover_image":11,"published_at":25,"rewrite_status":26,"rewrite_error":10,"rewritten_from_id":27,"slug":28,"category":29,"related_article_id":30,"status":31,"google_indexed_at":32,"x_posted_at":10,"tweet_text":10,"title_rewritten_at":10,"title_original":10,"key_takeaways":10,"topic_cluster_id":10,"embedding":10,"is_canonical_seed":23},"6639d1ca-4a77-4e76-a8aa-dc756e6f419f","AI 代理碰上加密貨幣的路由風險","\u003Cp>AI 代理正在碰支付流程。\u003Ca href=\"https:\u002F\u002Fwww.mckinsey.com\u002F\" target=\"_blank\" rel=\"noopener\">McKinsey\u003C\u002Fa> 預估，到 \u003Ca href=\"\u002Fnews\u002Fcrypto-ai-agents-2026-on-chain-autonomy-zh\">20\u003C\u002Fa>30 年，AI 代理可能介入 3 兆到 5 兆美元的消費交易。\u003Ca href=\"https:\u002F\u002Fx.com\u002Fbrian_armstrong\" target=\"_blank\" rel=\"noopener\">Brian Armstrong\u003C\u002Fa> 也說，代理很快會比人類更常做網路交易。\u003C\u002Fp>\u003Cp>聽起來很猛，但問題也很\u003Ca href=\"\u002Fnews\u002Fclad-log-anomaly-detection-compressed-bytes-zh\">直接\u003C\u002Fa>。研究團隊指出，真正危險的地方，不一定是 LLM 本身，而是中間那層 \u003Ca href=\"https:\u002F\u002Fopenai.com\u002F\" target=\"_blank\" rel=\"noopener\">OpenAI\u003C\u002Fa>、\u003Ca href=\"https:\u002F\u002Fwww.anthropic.com\u002F\" target=\"_blank\" rel=\"noopener\">Anthropic\u003C\u002Fa> 和應用程式之間的 router。這層東西會看見很多你以為看不到的資料。\u003C\u002Fp>\u003Cp>講白了，這不是模型太聰明。是管線太鬆。當錢包地址、API token、簽署請求都會經過中介層，風險就不是理論題，而是金流題。\u003C\u002Fp>\u003Ch2>LLM router 到底在做什麼\u003C\u002Fh2>\u003Cp>你可以把 LLM router 想成 AI 請求的交通管制站。它負責把 prompt 送去不同模型，也會處理格式轉換、模型切換、回傳路徑。這對成本、延遲、備援都很有用。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1776255036137-97ub.png\" alt=\"AI 代理碰上加密貨幣的路由風險\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>問題在於，它也站在資料最敏感的位置。它看到的，不只是文字內容，還可能包含工具參數、系統提示詞、外部 API 回應，甚至是跟錢有關的欄位。這種位置，對攻擊者來說很香。\u003C\u002Fp>\u003Cp>更麻煩的是，很多產品把 router 包裝得很平滑。使用者看到的是「我在跟 AI 對話」，但實際上，資料可能先經過一堆第三方服務。這就像你以為自己是直達車，結果中間偷偷換了兩次車。\u003C\u002Fp>\u003Cp>這篇研究的作者來自 \u003Ca href=\"https:\u002F\u002Fwww.ucsb.edu\u002F\" target=\"_blank\" rel=\"noopener\">UC Santa Barbara\u003C\u002Fa>、\u003Ca href=\"https:\u002F\u002Fucsd.edu\u002F\" target=\"_blank\" rel=\"noopener\">UC San Diego\u003C\u002Fa>、\u003Ca href=\"https:\u002F\u002Ffuzz.land\" target=\"_blank\" rel=\"noopener\">Fuzzland\u003C\u002Fa> 和 \u003Ca href=\"https:\u002F\u002Fwww.worldlibertyfinancial.com\" target=\"_blank\" rel=\"noopener\">World Liberty Financial\u003C\u002Fa>。他們指出，這層中介在 crypto 場景特別危險，因為金鑰和簽署動作常常不會經過很嚴格的隔離。\u003C\u002Fp>\u003Cul>\u003Cli>router 可能看到 prompt、工具呼叫和回應內容。\u003C\u002Fli>\u003Cli>router 可能改寫工具參數。\u003C\u002Fli>\u003Cli>router 可能把請求轉送到攻擊者控制的端點。\u003C\u002Fli>\u003Cli>router 也可能成為憑證外洩入口。\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>真正可怕的是，它已經出事了\u003C\u002Fh2>\u003Cp>這篇研究最刺眼的地方，不是抽象威脅，而是已經有實際案例。研究者 \u003Ca href=\"https:\u002F\u002Fx.com\u002Fchaofan_shou\" target=\"_blank\" rel=\"noopener\">Chaofan Shou\u003C\u002Fa> 在 X 上寫得很直白：有 26 個 LLM routers 會偷偷注入惡意工具呼叫，還會偷憑證。這種說法很硬，但重點是它把問題拉回現場。\u003C\u002Fp>\u003Cblockquote>“26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet.” — Chaofan Shou\u003C\u002Fblockquote>\u003Cp>這句話的殺傷力很高。因為它不是在講模型幻覺，而是在講金錢損失。若 router 能把原本正常的工具呼叫換成惡意版本，結果可能是轉帳、授權、外洩，三種都來。\u003C\u002Fp>\u003Cp>研究者還提到，一個測試用 Ethereum 錢包因為私鑰外洩而被掏空。這種事在鏈上世界很殘酷。密鑰一旦出去，通常沒有客服可以幫你按復原鍵。\u003C\u002Fp>\u003Cp>我覺得這件事最麻煩的地方，是使用者常常只看品牌，不看中介。你以為自己在跟某個大模型互動，實際上，資料可能先被 router 看過一輪。等出事時，大家還會先怪模型，卻忽略真正的洞在中間。\u003C\u002Fp>\u003Ch2>為什麼 crypto 特別容易中槍\u003C\u002Fh2>\u003Cp>crypto 的交易設計，本來就很吃信任邊界。傳統金融有多層審核、風控、撤銷機制。鏈上交易則很直接。簽了就是簽了，送出去通常就回不來。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1776255028731-2itr.png\" alt=\"AI 代理碰上加密貨幣的路由風險\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>AI 代理一旦被授權，就不只是聊天機器人。它可以幫你下單、轉帳、呼叫合約、跑腳本。也就是說，它拿到的是行動權，不只是建議權。這種權限一旦被 router 動手腳，後果很快就會出現。\u003C\u002Fp>\u003Cp>研究團隊提到，他們能夠「poison」部分 router 生態，讓流量被轉送。這代表攻擊面不只是單點，而是整個中介網路。當一個服務被污染，後面可能連著一串下游系統。\u003C\u002Fp>\u003Cul>\u003Cli>惡意 router 可把正常指令換掉。\u003C\u002Fli>\u003Cli>它可偷走經過的憑證。\u003C\u002Fli>\u003Cli>它可把流量導向攻擊者主機。\u003C\u002Fli>\u003Cli>它可讓下游主機在毫無警告下被接管。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>這跟一般聊天應用不太一樣。聊天被偷看很煩，但 crypto 被偷看會直接掉錢。差別就是這麼粗暴。對支付系統來說，訊息路徑如果不可信，整個架構就很難安心。\u003C\u002Fp>\u003Cp>而且現在很多 agentic stack 都是多供應商拼起來的。中間有 wrap\u003Ca href=\"\u002Fnews\u002Fopenai-launches-gpt-54-cyber-defense-work-zh\">pe\u003C\u002Fa>r、有 router、有工具網關、有金鑰服務。每一層都說自己很安全，但只要其中一層偷懶，整條鏈就會破。\u003C\u002Fp>\u003Ch2>數據怎麼比，風險怎麼看\u003C\u002Fh2>\u003Cp>如果只看表面，很多人會以為這只是「AI 安全」的一小塊。但數字放上來後，味道就變了。McKinsey 給的 3 兆到 5 兆美元，是超大級別的交易量。只要其中一小部分出事，損失都會很可觀。\u003C\u002Fp>\u003Cp>再看業界說法。Brian Armstrong 認為代理很快會比人類更常做網路交易。\u003Ca href=\"https:\u002F\u002Fwww.binance.com\u002F\" target=\"_blank\" rel=\"noopener\">Binance\u003C\u002Fa> 創辦人 \u003Ca href=\"https:\u002F\u002Fx.com\u002Fcz_binance\" target=\"_blank\" rel=\"noopener\">Changpeng Zhao\u003C\u002Fa> 甚至提到，代理可能做出比人類多一百萬倍的支付，而且都在 crypto 裡發生。這不是小流量測試，這是大規模自動化。\u003C\u002Fp>\u003Cp>問題是，規模越大，router 越像高價值目標。下面這幾點很值得看：\u003C\u002Fp>\u003Cul>\u003Cli>3 兆到 5 兆美元，是 McKinsey 對 2030 的預估。\u003C\u002Fli>\u003Cli>1 百萬倍支付量，是 CZ 對代理支付的判斷。\u003C\u002Fli>\u003Cli>26 個 router，被研究者點名會注入惡意工具呼叫。\u003C\u002Fli>\u003Cli>1 個案例，讓客戶損失 50 萬美元錢包資產。\u003C\u002Fli>\u003C\u002Ful>\u003Cp>如果你是做產品的人，這些數字代表一件事。你不能只保護模型 API。你還得保護路由層、工具層、金鑰層。這三層任何一層鬆掉，AI 代理就會從幫手變成破口。\u003C\u002Fp>\u003Cp>競品面也很清楚。直接串模型的 app，風險集中在模型供應商。加上 router 的系統，風險會多一層，但也多了觀測與控管空間。重點不是用不用 router，而是你有沒有把它當核心資產在管。\u003C\u002Fp>\u003Ch2>這波其實是舊問題換新包裝\u003C\u002Fh2>\u003Cp>說真的，這個問題不新。以前雲端時代，大家就吵過 API gateway、proxy、secret management。現在只是把同一套老問題，搬到 AI 代理和 crypto 支付上。\u003C\u002Fp>\u003Cp>差別在於，AI 代理會主動做事。以前是人按按鈕，現在是模型自己串工具、自己下命令。當權限移給軟體，攻擊者就不必等人犯錯，只要找中介層下手就行。\u003C\u002Fp>\u003Cp>這也是為什麼很多安全團隊現在開始盯資料流，而不是只盯模型準確率。準確率再高，router 如果會偷改工具呼叫，還是照樣出事。模型回答對了，不代表交易就安全。\u003C\u002Fp>\u003Cp>產業上，這會逼大家重新想兩件事。第一，哪些資訊可以進 router。第二，哪些動作一定要做雙重驗證。尤其是錢包簽署、私鑰處理、合約呼叫，這些都不能再用「先跑再說」的態度。\u003C\u002Fp>\u003Ch2>接下來應該怎麼做\u003C\u002Fh2>\u003Cp>如果你在做 agentic crypto 產品，我會先看三件事。金鑰有沒有離開安全模組。工具呼叫有沒有可驗證紀錄。router 能不能被獨立審計。這三項沒過，別急著上主網。\u003C\u002Fp>\u003Cp>我的判斷很直接。下一波能活下來的團隊，不會只是比誰的 LLM 比較會講話。會是那些能證明中間那層夠乾淨、夠可查、也夠難被改的人。你如果想做 AI 代理支付，先把路由層當成金庫門口，再談擴張。\u003C\u002Fp>","AI 代理正快速進入支付場景，但 LLM router 可能偷看金鑰、改寫工具呼叫，甚至把錢包掏空。","www.coindesk.com","https:\u002F\u002Fwww.coindesk.com\u002Ftech\u002F2026\u002F04\u002F13\u002Fai-agents-are-set-to-power-crypto-payments-but-a-hidden-flaw-could-expose-wallets",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1776255036137-97ub.png",[13,14,15,16,17,18,19,20],"AI agents","crypto security","LLM router","錢包安全","工具呼叫","私鑰","支付安全","代理式 AI","zh",0,false,"2026-04-15T12:10:07.698811+00:00","2026-04-15T12:10:07.482+00:00","done","abf220eb-3226-430d-9efe-4f96d8d65f2b","ai-agents-crypto-hidden-router-security-gap-zh","blockchain","f01bb8bd-92d0-4f81-849d-093e3ce6350c","published","2026-04-16T09:00:09.022+00:00",[34,36,38,39,41,42,43,45],{"name":15,"slug":35},"llm-router",{"name":20,"slug":37},"代理式-ai",{"name":17,"slug":17},{"name":14,"slug":40},"crypto-security",{"name":16,"slug":16},{"name":18,"slug":18},{"name":13,"slug":44},"ai-agents",{"name":19,"slug":19},{"id":30,"slug":47,"title":48,"language":49},"ai-agents-crypto-hidden-router-security-gap-en","AI agents in crypto expose a hidden router risk","en",[51,57,63,69,75,81],{"id":52,"slug":53,"title":54,"cover_image":55,"image_url":55,"created_at":56,"category":29},"8c37fa14-a081-4810-b5b8-2a2a184a7d1d","web3-communication-trust-infrastructure-2026-zh","Web3 溝通正在變成信任基礎設施","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778797251989-it0w.png","2026-05-14T22:20:32.600359+00:00",{"id":58,"slug":59,"title":60,"cover_image":61,"image_url":61,"created_at":62,"category":29},"9059e494-8f72-4c34-a888-2424c682da10","why-bases-x402-protocol-matters-more-than-100m-zh","為什麼 Base 的 x402 協議比 1 億美元里程碑更重要","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778719260627-a0va.png","2026-05-14T00:40:19.962138+00:00",{"id":64,"slug":65,"title":66,"cover_image":67,"image_url":67,"created_at":68,"category":29},"74969a5b-7ec5-4686-80ee-fa39a5cc43d4","gala-games-web3-gaming-2026-zh","Gala Games 在 Web3 遊戲找回存在感","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778689265110-p0y5.png","2026-05-13T16:20:41.782583+00:00",{"id":70,"slug":71,"title":72,"cover_image":73,"image_url":73,"created_at":74,"category":29},"d330d44a-4eff-4ba6-aa72-5ef246e31c64","why-lace-20-matters-more-than-cardanos-next-hard-fork-zh","為什麼 Lace 2.0 比 Cardano 下一次硬分叉更重要","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778681462051-f600.png","2026-05-13T14:10:25.488549+00:00",{"id":76,"slug":77,"title":78,"cover_image":79,"image_url":79,"created_at":80,"category":29},"0af0a4b2-b0a1-4a52-8fe9-1328bde87c8e","why-ethereum-treasury-buying-is-a-bad-bet-zh","為什麼 Ethereum Treasury Buying 正在變成一筆差勁的長…","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778386236909-ytls.png","2026-05-10T04:10:21.784208+00:00",{"id":82,"slug":83,"title":84,"cover_image":85,"image_url":85,"created_at":86,"category":29},"ab3ef302-99ee-40b3-b2d0-4b67a9049ec4","yakovenko-warns-ai-could-crack-pqc-wallets-zh","Yakovenko 警告：AI 可能破解 PQC 錢包","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1778170266863-wnnh.png","2026-05-07T16:10:41.097774+00:00",[88,93,98,103,108,113,118,123,128,133],{"id":89,"slug":90,"title":91,"created_at":92},"e1b4b518-f86b-410c-8c82-8cfb787ff2ef","moonpay-open-wallet-standard-ai-payments-zh","MoonPay 推 OWS，瞄準 AI 付款","2026-03-28T03:08:33.379969+00:00",{"id":94,"slug":95,"title":96,"created_at":97},"e72bae29-ddbd-437b-aaa4-cd662605394b","next-gen-crypto-simulators-ai-web3-training-zh","新一代加密模擬器更聰明了","2026-04-01T09:36:33.917023+00:00",{"id":99,"slug":100,"title":101,"created_at":102},"b8e39b58-6b9d-4714-92d3-26df18a3e0f4","rtk-cuts-claude-code-token-spend-zh","RTK 讓 Claude Code 少燒 Token","2026-04-01T10:24:29.259497+00:00",{"id":104,"slug":105,"title":106,"created_at":107},"7ff10146-4ca0-4670-a02c-384dde04f610","trm-labs-ai-agents-crypto-investigations-zh","TRM Labs 將 AI agent 帶進加密調查","2026-04-01T10:33:30.166266+00:00",{"id":109,"slug":110,"title":111,"created_at":112},"00668dea-9f0e-4019-b861-03817d5a8877","how-web3-marketing-changed-in-2026-zh","2026 Web3 行銷怎麼變了","2026-04-02T01:36:34.973322+00:00",{"id":114,"slug":115,"title":116,"created_at":117},"e7992274-42ee-40bc-bb05-97250098c56c","ai-agentic-defi-web3-grants-march-2026-zh","AI、Agentic DeFi 與 Web3 補助案","2026-04-02T05:51:36.857954+00:00",{"id":119,"slug":120,"title":121,"created_at":122},"5cef810b-af3d-467a-8b41-627769eca895","why-crypto-is-fixated-on-ai-agents-zh","為何加密圈盯上 AI Agent","2026-04-02T05:54:28.919864+00:00",{"id":124,"slug":125,"title":126,"created_at":127},"d30e6203-d522-41a1-b529-fcf4499cd985","web3-explained-what-it-is-why-it-matters-zh","Web3 是什麼，為何重要","2026-04-02T06:15:32.580114+00:00",{"id":129,"slug":130,"title":131,"created_at":132},"f29e65ae-64df-463b-ba22-afd9dcbd0f8f","trust-wallet-agent-kit-ai-trade-25-chains-zh","Trust Wallet 讓 AI 幫你交易","2026-04-02T06:27:33.183404+00:00",{"id":134,"slug":135,"title":136,"created_at":137},"91022b4c-b53e-4c18-abfe-914a8eca6e28","blockchain-in-ai-real-use-cases-zh","區塊鏈加 AI，真實落地在哪裡","2026-04-02T06:30:44.026286+00:00"]