Claude Code Leak Whistleblower Reveals LLM Supply Chain Major Security Flaw: Over 20% Free Routes Exposed to Malicious Injection

BlockBeats News, April 10th, Whistleblower @Fried_rice tweeted on social media that Large Language Model (LLM) agents are increasingly relying on third-party API routers, which dispatch tool invocation requests to multiple upstream providers. These routers run as application-layer proxies, able to access each payload in plaintext during transit, but currently no provider enforces cryptographic integrity protection between the client and upstream model.

The paper tested 28 paid routers purchased from Taobao, Xianyu, and Shopify standalone stores, as well as 400 free routers collected from the public community, finding that 1 paid router and 8 free routers are actively injecting malicious code, 2 deployed adaptive evasion triggers, 17 touched the researchers' AWS Canary credential, and 1 stole ETH from the researchers' private key.

Two poisoning studies further demonstrated that seemingly harmless routers can also be exploited: a leaked OpenAI key was used to generate 1 billion GPT-5.4 tokens and over 7 Codex sessions; while poorly configured bait generated 20 billion billing tokens, 99 credentials spanning 440 Codex sessions, and 401 sessions running in autonomous YOLO mode.

The research team built a research agent called Mine, capable of executing all four types of attacks on four open proxy frameworks, and validated three client-side defense measures: failure block policy gating, response-side anomaly screening, and append-only transparent logging.