{"id":6219,"date":"2026-01-31T11:18:09","date_gmt":"2026-01-31T11:18:09","guid":{"rendered":"https:\/\/cryptonews.uk.com\/?p=6219"},"modified":"2026-01-31T11:18:09","modified_gmt":"2026-01-31T11:18:09","slug":"thousands-of-ai-agents-join-viral-network-to-teach-each-other-how-to-steal-keys-and-want-bitcoin-as-payment","status":"publish","type":"post","link":"https:\/\/cryptonews.uk.com\/?p=6219","title":{"rendered":"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment"},"content":{"rendered":"
<\/p>\n
\n\n
The next inflection point in AI agents isn’t coming from frontier labs. It’s coming from infrastructure, specifically, the primitives that let agents find each other, verify identity, and communicate directly.<\/p>\n
Moltbook, a social network billing itself as \u201cbuilt exclusively for AI agents\u2026 Humans welcome to observe,\u201d now hosts discussions about agent relay protocols that enable discovery and direct messaging between autonomous systems.<\/p>\n
The shift from agents as isolated tools to agents as networked participants creates a new category of risk that existing security models weren’t designed to handle.<\/p>\n
This isn’t theoretical. Exposed control panels, leaked credentials, and misconfigured deployments are already documented across the agent ecosystem.<\/p>\n
A security researcher found hundreds of exposed or misconfigured control panels, while Token Security found that 22% of its customers already have employees using agent frameworks inside organizations, often without sanctioned approval.<\/p>\n
A programmer known as joshycodes recently shared a screenshot from what appears to be a Moltbook \u201csubmolt\u201d that promotes an \u201cAgent Relay Protocol\u201d that lets any agent register, find other agents by capability, and send direct messages.<\/p>\n
A Moltbook post announces Agent Relay Protocol, enabling agents to register, discover other agents by capability, and send direct messages.<\/figcaption><\/figure>\n
Agents can already communicate with each other. A2A-style discovery and relay components already exist in projects like Artinet, which explicitly lists an \u201cagent-relay\u201d package for agent discovery and multi-agent communication.<\/p>\n
The question is: what happens when that communication layer becomes infrastructure, even as the underlying agent runners are already leaking operational details through basic security failures?<\/p>\n
From endpoint security to ecosystem epidemiology<\/h2>\n
Traditional security models treat agents as endpoints: harden the runtime, lock down credentials, and audit permissions.<\/p>\n
That works when agents operate in isolation. It breaks when agents can discover peers, exchange configurations, and propagate \u201cworking recipes\u201d through social channels.<\/p>\n
If an agent can publicly post about successful tool integrations and send direct messages with implementation details, unsafe patterns don’t just exploit individual instances, they also spread like memes.<\/p>\n
The current generation of agent frameworks already holds ambient authority, making misconfigurations expensive. These systems often have browser access, email integration, and calendar control.<\/p>\n
Pulumi’s deployment guide for OpenClaw warns that default cloud configurations can expose SSH on port 22, as well as agent-facing ports 18789 and 18791, to the public internet.<\/p>\n
Bitdefender notes that some exposed instances reportedly allowed unauthenticated command execution, and VentureBeat reports that commodity infostealers quickly added agent frameworks to their target lists, with one firm logging 7,922 attack attempts against a single instance.<\/p>\n
Add a relay layer that enables agent-to-agent discovery and direct messaging, and you’ve created low-friction paths for prompt payload propagation, credential handling leakage, identity spoofing without cryptographic attestation, and faster exploit diffusion.<\/p>\n
The attack surface shifts from \u201cfind vulnerable instances\u201d to \u201cteach one agent, watch it teach others.\u201d<\/p>\n
The agent internet stack shows identity, discovery, and messaging layers built atop execution and deployment layers already facing security failures like exposed ports and credential leaks.<\/figcaption><\/figure>\n
Current failure modes are boring (and that’s the problem)<\/h2>\n
The documented incidents so far aren’t sophisticated. They’re misconfigured reverse proxies that trust localhost traffic, control dashboards left exposed without authentication, API keys committed to public repositories, and deployment templates that default to open ports.<\/p>\n
TechRadar reports that attackers have already exploited the hype by pushing a fake VS Code extension that carries a trojan, leveraging the brand halo to distribute malware before official distribution channels catch up.<\/p>\n
These are operational failures that collide with systems capable of executing actions autonomously. The risk isn’t that agents become malicious, but that they inherit unsafe configurations from peers via social discovery mechanisms and then execute them with the full scope of their granted permissions.<\/p>\n
An agent that learns \u201chere’s how to bypass rate limits\u201d or \u201cuse this API endpoint with these credentials\u201d through a relay network doesn’t need to understand exploitation. It just needs to follow instructions.<\/p>\n
Agents are even setting up bounties for help to find exploits in other agents and offering Bitcoin as a reward. The agents identified BTC as their preferred payment method calling it \u201csound money,\u201d and rejecting the idea of AI agent tokens.<\/p>\n
\n
<\/div>\n<\/div>\n
Three paths forward over the next 90 days<\/h2>\n
The first scenario assumes hardening wins.<\/p>\n
Major toolchains ship safer defaults, security audit workflows become standard practice, and the count of publicly exposed instances drops. The relay\/discovery layer adds authentication and attestation primitives before widespread adoption.<\/p>\n
This is the base case if the ecosystem treats current incidents as wake-up calls.<\/p>\n
The second scenario assumes exploitation accelerates.<\/p>\n
\n
\n
CryptoSlate Daily Brief<\/span><\/p>\n
Daily signals, zero noise.<\/h3>\n
Market-moving headlines and context delivered every morning in one tight read.<\/p>\n
Exposed panels and open ports persist, and agent relays accelerate the spread of unsafe configurations and social-engineering templates. Expect second-order incidents: stolen API keys leading to billed usage spikes, compromised agents enabling lateral movement through organizations because these systems hold browser and email access.<\/p>\n
In this scenario, agent-to-agent communication turns security from an endpoint problem into an ecosystem epidemiology problem.<\/p>\n
The third scenario assumes a platform clampdown.<\/p>\n
A high-profile incident triggers takedowns, warning banners, marketplace bans, and \u201cofficial distribution only\u201d norms. Agent relay protocols get relegated to authenticated, audited channels, and the open discovery layer never achieves default status.<\/p>\n
\n\n
\n
90-day outcome<\/th>\n
Hardening wins<\/strong><\/th>\n
Exploitation accelerates<\/strong><\/th>\n
Clampdown<\/strong><\/th>\n<\/tr>\n<\/thead>\n\n
\n
Default behavior<\/strong><\/td>\n
Secure-by-default templates become the norm (closed ports, auth-on, least-privilege presets).<\/td>\n
Enforce allowlists; require signed distributions; lock installs to approved repos; turn on audit logging everywhere.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
What changes for organizations right now<\/h2>\n
Token Security’s finding that 22% of customers already have unsanctioned agent usage within their organizations indicates that shadow-agent sprawl is occurring before policy catches up.<\/p>\n
The internet is acquiring a new class of citizens, consisting of agents with identity, reputation, and discovery primitives, and existing security architectures weren’t designed for entities that can autonomously share operational knowledge through social channels.<\/p>\n
The agent framework ship has sailed for most organizations, raising the question of whether to treat agent discovery and messaging layers as critical infrastructure that requires authentication, audit trails, and cryptographic attestation before deployment.<\/p>\n
If agents can register, find peers by capability, and send direct messages without those safeguards, you’ve created a propagation network for whatever unsafe patterns emerge first.<\/p>\n
Enterprises should monitor mentions of exposed control panels and updates to exposure counts, security advisories referencing the misconfiguration classes documented by Bitdefender and Pulumi, distribution abuse signals like fake extensions, and reports of attack attempts or infostealer targeting.<\/p>\n
These are leading indicators of whether the ecosystem is converging on safer defaults or repeated incidents.<\/p>\n
Real risk isn’t superintelligence<\/h2>\n
The current moment is about agents becoming networked enough to share operational patterns before security models adapt.<\/p>\n
A relay-style approach to agent discovery and direct messaging, if widely adopted, would make agent ecosystems behave more like social networks with private channels. As a result, unsafe configurations could propagate socially across semi-autonomous systems rather than requiring manual distribution.<\/p>\n
The infrastructure layer for agent identity, discovery, and messaging is being built now, while the underlying runners are already facing exposure issues and credential leakage.<\/p>\n
Whether the ecosystem converges on safer defaults and audit workflows, or whether repeated incidents force platform clampdowns, the agent internet is moving from novelty to surface area.<\/p>\n
Surface area is what attackers scale, and the protocols being built today will determine whether that scaling favors defenders or adversaries.<\/p>\n<\/div>\n
The next inflection point in AI agents isn’t coming from frontier labs. It’s coming from infrastructure, specifically, the primitives that let agents find each other, verify identity, and communicate directly. Moltbook, a social network billing itself as \u201cbuilt exclusively for AI agents\u2026 Humans welcome to observe,\u201d now hosts discussions about agent relay protocols that enable<\/p>\n","protected":false},"author":1,"featured_media":6220,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[1941,91,2012,354,605,2015,831,2014,2011,2013],"class_list":{"0":"post-6219","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ethereum","8":"tag-agents","9":"tag-bitcoin","10":"tag-join","11":"tag-keys","12":"tag-network","13":"tag-payment","14":"tag-steal","15":"tag-teach","16":"tag-thousands","17":"tag-viral"},"yoast_head":"\n
Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment - Crypto News: Latest Cryptocurrency News and Analysis<\/title>\n<meta name=\"description\" content=\"Discovery and direct messaging turn isolated agents into a propagation layer, while exposed panels and leaked credentials stay routine.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptonews.uk.com\/?p=6219\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment\" \/>\n<meta property=\"og:description\" content=\"Discovery and direct messaging turn isolated agents into a propagation layer, while exposed panels and leaked credentials stay routine.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptonews.uk.com\/?p=6219\" \/>\n<meta property=\"og:site_name\" content=\"Crypto News: Latest Cryptocurrency News and Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-31T11:18:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"\u884c\u653f\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u884c\u653f\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cryptonews.uk.com\/?p=6219\",\"url\":\"https:\/\/cryptonews.uk.com\/?p=6219\",\"name\":\"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment - Crypto News: Latest Cryptocurrency News and Analysis\",\"isPartOf\":{\"@id\":\"https:\/\/cryptonews.uk.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cryptonews.uk.com\/?p=6219#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cryptonews.uk.com\/?p=6219#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg\",\"datePublished\":\"2026-01-31T11:18:09+00:00\",\"author\":{\"@id\":\"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf\"},\"description\":\"Discovery and direct messaging turn isolated agents into a propagation layer, while exposed panels and leaked credentials stay routine.\",\"breadcrumb\":{\"@id\":\"https:\/\/cryptonews.uk.com\/?p=6219#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cryptonews.uk.com\/?p=6219\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptonews.uk.com\/?p=6219#primaryimage\",\"url\":\"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg\",\"contentUrl\":\"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cryptonews.uk.com\/?p=6219#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cryptonews.uk.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cryptonews.uk.com\/#website\",\"url\":\"https:\/\/cryptonews.uk.com\/\",\"name\":\"Crypto News: Latest Cryptocurrency News and Analysis\",\"description\":\"Latest Crypto & Bitcoin News\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cryptonews.uk.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf\",\"name\":\"\u884c\u653f\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptonews.uk.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g\",\"caption\":\"\u884c\u653f\"},\"sameAs\":[\"http:\/\/demo3.aiwalls.com\/coinbase\"],\"url\":\"https:\/\/cryptonews.uk.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment - Crypto News: Latest Cryptocurrency News and Analysis","description":"Discovery and direct messaging turn isolated agents into a propagation layer, while exposed panels and leaked credentials stay routine.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptonews.uk.com\/?p=6219","og_locale":"en_US","og_type":"article","og_title":"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment","og_description":"Discovery and direct messaging turn isolated agents into a propagation layer, while exposed panels and leaked credentials stay routine.","og_url":"https:\/\/cryptonews.uk.com\/?p=6219","og_site_name":"Crypto News: Latest Cryptocurrency News and Analysis","article_published_time":"2026-01-31T11:18:09+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg","type":"image\/jpeg"}],"author":"\u884c\u653f","twitter_card":"summary_large_image","twitter_misc":{"Written by":"\u884c\u653f","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cryptonews.uk.com\/?p=6219","url":"https:\/\/cryptonews.uk.com\/?p=6219","name":"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment - Crypto News: Latest Cryptocurrency News and Analysis","isPartOf":{"@id":"https:\/\/cryptonews.uk.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptonews.uk.com\/?p=6219#primaryimage"},"image":{"@id":"https:\/\/cryptonews.uk.com\/?p=6219#primaryimage"},"thumbnailUrl":"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg","datePublished":"2026-01-31T11:18:09+00:00","author":{"@id":"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf"},"description":"Discovery and direct messaging turn isolated agents into a propagation layer, while exposed panels and leaked credentials stay routine.","breadcrumb":{"@id":"https:\/\/cryptonews.uk.com\/?p=6219#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptonews.uk.com\/?p=6219"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptonews.uk.com\/?p=6219#primaryimage","url":"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg","contentUrl":"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/01\/ai-agents-.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/cryptonews.uk.com\/?p=6219#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptonews.uk.com\/"},{"@type":"ListItem","position":2,"name":"Thousands of AI agents join viral network to \u201cteach\u201d each other how to steal keys and want Bitcoin as payment"}]},{"@type":"WebSite","@id":"https:\/\/cryptonews.uk.com\/#website","url":"https:\/\/cryptonews.uk.com\/","name":"Crypto News: Latest Cryptocurrency News and Analysis","description":"Latest Crypto & Bitcoin News","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptonews.uk.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf","name":"\u884c\u653f","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptonews.uk.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g","caption":"\u884c\u653f"},"sameAs":["http:\/\/demo3.aiwalls.com\/coinbase"],"url":"https:\/\/cryptonews.uk.com\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/posts\/6219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6219"}],"version-history":[{"count":0,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/posts\/6219\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/media\/6220"}],"wp:attachment":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Alleged](\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/01\/brave_UyIIb1xXxZ.jpg\")
![\"Agent](\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/01\/Photos_sM8JJ3w2Ax.jpg\")
![\"BC](\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/11\/bc_game168_Sposorship_1456x180.gif\")