Ethereum core dev’s crypto wallet drained by malicious AI extension
Ethereum core dev Zak Cole lost funds after a malicious Cursor extension stole his private key, highlighting rising wallet drainer attacks on builders.
A core Ethereum developer said he was hit by a cryptocurrency wallet drainer linked to a rogue code assistant, underscoring how even seasoned builders can be caught by increasingly polished scams.
Core Ethereum developer Zak Cole fell victim to a malicious artificial intelligence extension from Cursor AI, which enabled the attacker to access his hot wallet for three days before draining the funds, he said in a Tuesday X post.
The developer installed the “contractshark.solidity-lang” that appeared legitimate — with a professional icon, descriptive copy and more than 54,000 downloads — but silently exfiltrated his private key. The plugin “read my .env file” and sent the key to an attacker’s server, giving access to his hot wallet for three days before funds were drained on Aug. 10, he said.
Source: Cointelegraph →Related News
- 5 hours ago
Ethereum Foundation introduces 'Privacy Stewards for Ethereum' and ro...
- 7 hours ago
The ‘endgame’ for US dollar stablecoins is no tickers — Web3 exec
- 10 hours ago
Onchain collateral could get you better loan terms — Crypto bank exec
- 11 hours ago
Dogecoin targets $0.60 next after DOGE price gains 40% in one week
- 14 hours ago
Web3 white hats earn millions, crushing $300K traditional cybersecurity jobs