Context: Lazarus Group / Bitrefill Attack (March 1, 2026)
On March 1, 2026, Lazarus Group (North Korea) breached Bitrefill through a compromised employee laptop. The attack chain:
- Social engineering - employee laptop compromised
- Lateral movement - access to internal systems
- Credential theft - production wallet keys extracted
- Hot wallet drain - funds transferred
- Data exfiltration - 18,500 customer records stolen
Why This Matters for Agent Wallets
As AI agents begin handling real money at scale (MoonPay Agents API, Coinbase Agentic Wallets, Visa Agentic Ready), the attack surface for custodial agent wallet providers is expanding rapidly.
Custodial agent wallets are vulnerable to this exact attack pattern:
- Central key store = single point of failure
- Employee access to production key material
- One compromised credential = all agent wallets drained
agent-wallet-sdk Non-Custodial Architecture
agent-wallet-sdk is non-custodial by design:
- No shared key infrastructure. Each agent generates and holds its own keypair locally.
- No production keys on servers. Deployment infrastructure never holds wallet keys.
- Agent-scoped blast radius. One compromised agent loses only its own funds (capped by SpendingPolicy).
- SpendingPolicy guardrails. Per-transaction and daily limits cap damage.
Architecture Comparison
| Attack Vector |
Custodial |
Non-Custodial (agent-wallet-sdk) |
| Employee laptop compromise |
All wallets at risk |
Zero wallets at risk |
| Production key theft |
Mass drain possible |
No central keys exist |
| API credential leak |
Full access to all funds |
Agent-scoped only |
| Single agent compromise |
N/A (centralized) |
Only that agent funds |
| Lateral movement payoff |
Jackpot (all keys) |
Nothing to find |
Key Design Decisions to Maintain
- Never introduce a central key store or key management service
- Keep SpendingPolicy as mandatory for all agent wallets
- Ensure no agent key material ever touches server infrastructure
- Document the non-custodial security model prominently for enterprise evaluators
Related
Context: Lazarus Group / Bitrefill Attack (March 1, 2026)
On March 1, 2026, Lazarus Group (North Korea) breached Bitrefill through a compromised employee laptop. The attack chain:
Why This Matters for Agent Wallets
As AI agents begin handling real money at scale (MoonPay Agents API, Coinbase Agentic Wallets, Visa Agentic Ready), the attack surface for custodial agent wallet providers is expanding rapidly.
Custodial agent wallets are vulnerable to this exact attack pattern:
agent-wallet-sdk Non-Custodial Architecture
agent-wallet-sdk is non-custodial by design:
Architecture Comparison
Key Design Decisions to Maintain
Related