A core Ethereum developer said he was hit by a cryptocurrency wallet drainer linked to a rogue code assistant, highlighting how even skilled builders can be caught by increasingly sophisticated scams.
Core Ethereum developer Zak Cole has fallen victim to a malicious artificial intelligence extension from Cursor AI. It allowed the attacker to access his hot wallet for three days before draining the funds.
The developer installed the legitimate-looking “ContractShark.Solidity-Lang” extension, which had a professional icon, descriptive copy and over 54,000 downloads, but quietly exfiltrated his private key. The plugin “reads my .env file” and sends the key to the attacker’s server, which gave the attacker access to the hot wallet for three days before the funds were drained on August 10th.
“In over a decade, I never lost one wei to a hacker. Then I was in a hurry to ship the contract last week,” Cole said, adding that the loss was limited to “hundreds” of ether (ETH) because he uses a small, project-separated hot wallet for testing and keeps his major holdings on a hardware device.

Source: zak.eth
Wallet drainers – malware designed to steal digital assets – are becoming an increasing threat to cryptocurrency investors.
In September 2024, a wallet drainer app disguised as the WalletConnect Protocol stole $70,000 worth of digital assets from investors after being live on the Google Play Store for over five months.

Some of the fake reviews of the spoofed WalletConnect app mentioned features that have nothing to do with crypto. Source: Check Point Research
Extensions are becoming “major attack vectors” for crypto builders
According to Hakan Unal, malicious code and extensions are “increasingly becoming a major attack vector, using typosquatting and fake publishers to steal private keys.”
“Builders should vet extensions, avoid storing secrets in plain text or .env files, use hardware wallets, and develop in an isolated environment.”
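As an added illustration of the advice about plaintext secrets (this code is not from the article or from anyone quoted in it), the following Python audit walks a project tree and reports `.env` entries shaped like a raw Ethereum private key or a seed phrase, printing only the variable name and never the value. The function names, the skip list and the two shape heuristics are assumptions made for this example, and the sample values are constructed.

```python
import os
import re

# 32-byte hex value, with or without 0x: the shape of a raw Ethereum private key.
HEX_KEY = re.compile(r"^(?:0x)?[0-9a-fA-F]{64}$")
# Short lowercase word: the shape of one word in a seed phrase.
WORD = re.compile(r"^[a-z]{3,8}$")
# Constructed sample file content; none of these values is a real secret.
SAMPLE_ENV = "\n".join([
    "RPC_URL=https://rpc.example.invalid",
    "export PRIVATE_KEY=0x" + "ab" * 32,
    'MNEMONIC="' + " ".join(["example"] * 12) + '"',
])

def classify(value):
    """Return a finding label for a value, or None if it looks harmless."""
    value = value.strip().strip("\"'")
    if HEX_KEY.match(value):
        return "raw-private-key"
    words = value.split()
    if len(words) in (12, 15, 18, 21, 24) and all(WORD.match(w) for w in words):
        return "seed-phrase"
    return None

def scan_env_text(text):
    """Yield (line_number, variable_name, label); never the secret itself."""
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = name.replace("export ", "", 1).strip()
        label = classify(value)
        if label:
            yield number, name, label

def scan_tree(root):
    """Walk root and report findings in .env and .env.* files."""
    findings = []
    for folder, dirs, files in os.walk(root):
        dirs[:] = [d for d in dirs if d not in ("node_modules", ".git")]
        for filename in files:
            if filename == ".env" or filename.startswith(".env."):
                path = os.path.join(folder, filename)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    for number, name, label in scan_env_text(handle.read()):
                        findings.append((path, number, name, label))
    return findings
```

Any entry it reports is readable by every extension and process running under the same user account, which is the exposure the quote describes.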
Meanwhile, crypto drainers are even more accessible to scammers.

Image from the crypto drainer report. Source: AMLBot
An April 22nd report from crypto forensics and compliance firm AMLBot revealed that these drainers are being sold under a software-as-a-service model, allowing scammers to rent the software for 100 USDT.