Crypto users often focus on the user interface and pay less attention to complex internal protocols. Security experts have recently raised concerns about a critical vulnerability in Crypto-MCP (Model-Context-Protocol), a protocol for connecting and interacting with blockchains.
This flaw allows hackers to steal digital assets: they can redirect transactions and expose seed phrases, which are the key to accessing crypto wallets.
How dangerous is the Crypto-MCP vulnerability?
Crypto-MCP is a protocol designed to support blockchain tasks. These tasks include balance queries, sending tokens, deploying smart contracts, and interacting with decentralized finance (DeFi) protocols.
Protocols such as Base MCP from Base, Solana MCP from Solana, ThirdWeb MCP, and more provide powerful features. These include real-time blockchain data access, automated transaction execution, and multi-chain support. However, the complexity and openness of these protocols also introduce security risks if not properly managed.
Developer Luca Beurer-Kellner first raised the issue in early April. He warned that MCP-based attacks could leak WhatsApp messages through protocols and bypass WhatsApp security.
Following this, Chromia's Head of Data and AI (SuperOO7) investigated and reported a potential vulnerability in Base MCP. This issue affects two popular AI platforms: Cursor and Claude. The flaw allows hackers to use a "prompt injection" technique to change the recipient address of crypto transactions.
For example, if a user attempts to send 0.001 ETH to a particular address, the hacker can insert malicious code and redirect the funds to their own wallet. What's worse, users may not realize that anything is wrong, because the interface continues to display the details of the originally intended transaction.
“This risk arises from using “poisoned” MCPs. Hackers can trick the base MCP into sending ciphers to them rather than where they were intended. If this happens, you may not notice it.”

Demonstration of prompt injection with Crypto-MCP. Source: superoo7
Developer Aaronjmars pointed out an even more serious problem. Wallet seed phrases are often stored unencrypted in the MCP configuration file. If hackers have access to these files, they can easily steal seed phrases and have full control over the user’s wallet and digital assets.
“MCP is a great architecture for interoperability and local first interaction. But sacred shit, current security is not tailored to the needs of Web3. We need a better proxy architecture for our wallets,” stressed Aaronjmars.
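As an added illustration of the plaintext seed phrase problem described above (not code from the article or from any MCP project), the following Python check scans an MCP client configuration for values that look like wallet key material. It assumes the `mcpServers` JSON layout with `command`, `args` and `env` entries; the server, package and variable names in the sample are constructed, and the word-count test is a heuristic, not a BIP-39 wordlist check.

```python
import json
import re

# BIP-39 mnemonics have 12, 15, 18, 21 or 24 words; English words are 3-8 lowercase letters.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}
WORD_RE = re.compile(r"[a-z]{3,8}")
HEX_KEY_RE = re.compile(r"(?:0x)?[0-9a-fA-F]{64}")

def classify_secret(value):
    """Return a finding label if the string looks like wallet key material, else None."""
    if not isinstance(value, str):
        return None
    words = value.split()
    if len(words) in MNEMONIC_LENGTHS and all(WORD_RE.fullmatch(w) for w in words):
        return "possible seed phrase"
    if HEX_KEY_RE.fullmatch(value.strip()):
        return "possible raw private key"
    return None

def scan_mcp_config(text):
    """Scan MCP client config JSON; return (server, location, finding), never the secret itself."""
    config = json.loads(text)
    findings = []
    for server, spec in (config.get("mcpServers") or {}).items():
        for name, value in (spec.get("env") or {}).items():
            label = classify_secret(value)
            if label:
                findings.append((server, f"env.{name}", label))
        for i, arg in enumerate(spec.get("args") or []):
            label = classify_secret(arg)
            if label:
                findings.append((server, f"args[{i}]", label))
    return findings

# Constructed sample config: server, package and variable names are hypothetical.
SAMPLE = json.dumps({"mcpServers": {
    "wallet-mcp": {"command": "npx", "args": ["-y", "example-wallet-mcp"],
                   "env": {"SEED_PHRASE": " ".join(["abandon"] * 11 + ["about"]),
                           "RPC_URL": "https://rpc.example.invalid"}},
    "notes-mcp": {"command": "npx", "args": ["-y", "example-notes-mcp"],
                  "env": {"LOG_LEVEL": "debug"}},
}})

if __name__ == "__main__":
    for server, location, label in scan_mcp_config(SAMPLE):
        print(f"{server}: {location}: {label} stored in plaintext")
```

A hit means the wallet secret is readable by anything that can read the configuration file, so the key should be rotated and moved out of the file rather than just deleted from it.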
So far, there have been no confirmed cases of this vulnerability being exploited to steal crypto assets. However, the potential threat is serious.
According to SuperOO7, users should protect themselves by using MCPs only from trusted sources, minimizing wallet balances, limiting MCP access rights, and using MCP scan tools to check for security risks.
Hackers can steal seed phrases in many ways. A report from Security Intelligence late last year revealed that Android malware called SpyAgent targets seed phrases by stealing screenshots.
Kaspersky also discovered SparkCat, malware that uses OCR to extract seed phrases from images. Meanwhile, Microsoft has warned about StilachiRAT, malware that targets 20 crypto wallet browser extensions for Google Chrome, including MetaMask and Trust Wallet.