Recently, I think quite a few people are using AI assistants, but there’s actually a pretty serious risk hidden behind the scenes. According to security researchers, more than 300 malicious AI plugins exist, and they seem to be stealing wallet data and exchange authentication information.

Why is this happening? It’s because AI assistants generally have far higher permissions than ordinary software. They can access the file system, read browser data, and even view your emails. And they can even directly manipulate wallet files. This means the danger is at a level comparable to having the entire computer effectively taken over.

What’s scary is that this kind of attack can proceed almost silently. There are no pop-ups or warning screens—nothing shows up. Data is quietly stolen in the background and sent to the attacker, while the user remains unaware. And by the time they notice, it’s already a nightmare: the account has been completely compromised.

Specifically, if mnemonic phrase or private keys leak, you lose complete control of your wallet. Or if an exchange’s login information is stolen, attackers may do everything from password resets to seizing 2段階認証コード, and ultimately siphon off funds. If an API key leaks, trading can be carried out or funds can be manipulated without authorization. If your email account is taken over, then multiple accounts can be compromised one after another.

That’s why we need to take solid countermeasures. First, you should never store mnemonic phrase or private keys in an AI tool. Also, don’t grant access rights to wallet files. Ideally, you should completely separate an AI device from a device used for trading. You should also avoid installing unverified plugins or skills.

Security settings are also important. Make sure you enable all security features on exchanges: login passwords, trading passwords, 2段階認証, and passkey authentication—everything. If you use API keys, restrict their permissions to the minimum, and make absolutely sure withdrawal permissions are disabled. Also, regularly check the security of your devices to confirm that no strange software or browser plugins have been installed.

In short, in exchange for the convenience of AI, you must not lose your vigilance in protecting wallet data. Software that has system-level permissions can become an entry point for attackers. Especially in the crypto asset world, once authentication information or mnemonic phrase leaks, your assets may be lost forever. I think that’s a line you must never compromise on.