New Crypto Wallet Vulnerability Raises Alarms: How Hackers Exploit MCP Protocol to Steal Digital Assets

A newly discovered security flaw in blockchain interaction protocols is sending shockwaves through the crypto community. Experts warn that the vulnerability could allow hackers to hijack transactions or steal seed phrases, potentially putting millions in digital assets at risk.

In the fast-evolving world of cryptocurrency, user experience often takes center stage — while backend protocols remain underappreciated and underprotected. But that oversight is now under scrutiny following revelations of a critical vulnerability in Crypto-MCP (Model-Context-Protocol), a framework used to connect wallets and applications with blockchain networks.

Crypto-MCP is foundational for tasks like querying balances, executing token transfers, and engaging with decentralized finance (DeFi) protocols. It's used in several mainstream implementations, such as Base MCP, Solana MCP, and Thirdweb MCP — each designed to streamline blockchain interactions with real-time data access and automated execution across multiple chains.

Yet with this functionality comes a hidden risk.

A Subtle Yet Serious Exploit

The vulnerability first came to light earlier this month when developer Luca Beurer-Kellner flagged an issue that could, in theory, allow attackers to leak private WhatsApp messages via an MCP channel. The implications went far beyond messaging: soon after, cybersecurity expert Superoo7 uncovered a potentially more damaging application in Base MCP.

The attack vector, dubbed prompt injection, allows malicious actors to manipulate AI-integrated systems — such as Cursor and Claude — to silently alter blockchain transactions. A user might intend to send a small amount of ETH to a trusted address, but in reality, the transaction is rerouted to a hacker’s wallet — all while the interface misleadingly displays the correct details.

“This risk comes from using a ‘poisoned’ MCP,” said Superoo7, Head of Data and AI at Chromia. “Hackers could trick Base MCP into sending your crypto to them instead of where you intended. If this happens, you might not notice.”

Developer Aaronjmars expanded on these concerns, pointing to a deeper flaw. He highlighted that wallet seed phrases — the master keys to a user’s crypto — are often stored unencrypted in MCP configuration files. Should an attacker gain access, they could assume full control of a user’s digital assets.

“MCP is an awesome architecture for interoperability and local-first interactions,” Aaronjmars noted. “But holy shit, current security is not tailored for Web3 needs. We need better proxy architecture for wallets.”

No Exploits Yet — But Precaution Is Crucial

While no confirmed attacks using this vulnerability have been reported so far, the risk remains high. Given the value and sensitivity of crypto wallets, a single successful exploit could lead to significant losses.

Security experts urge users to take preventive steps:

• Use MCPs only from verified, trusted sources.
• Limit wallet balances in exposed applications.
• Restrict permissions given to MCP protocols.
• Utilize tools like MCP-Scan to detect vulnerabilities.

This vulnerability isn't isolated. Last year’s SpyAgent Android malware and SparkCat demonstrated how hackers use OCR to extract seed phrases from screenshots. Microsoft also reported StilachiRAT, malware targeting browser-based crypto wallets like MetaMask and Trust Wallet.