Solayer Founder Reveals Major Security Risks in LLM Supply Chain: Over 20% of Free Routes Reported to Have Malicious Injections

Crypto界 news, on April 10th, Solayer founder @Fried_rice posted on social media stating that large language model (LLM) agents are increasingly relying on third-party API routers to dispatch tool invocation requests to multiple upstream providers. These routers operate as application layer proxies, capable of accessing each transmitted JSON payload in plaintext, but currently no provider enforces encryption integrity protection between the client and upstream models. The paper tested 28 paid routers purchased from Taobao, Xianyu, and Shopify standalone sites, as well as 400 free routers collected from public communities. The results found that 1 paid router and 8 free routers actively injected malicious code, 2 deployed adaptive evasion triggers, 17 touched AWS Canary credentials owned by researchers, and 1 stole ETH from a private key held by researchers. Two poisoning studies further demonstrated that seemingly harmless routers can also be exploited: a leaked OpenAI key was used to generate 100 million GPT-5.4 tokens and over 7 Codex sessions; while weakly configured decoys produced 2 billion billing tokens, 99 credentials spanning 440 Codex sessions, and 401 sessions running in autonomous YOLO mode. The research team built a research proxy called Mine, capable of executing all four attack types against four open proxy frameworks, and verified three client defenses: fault lockout policy gating, response-side anomaly screening, and append-only transparent logging.