A Web3 project contract may have been implanted with malicious code by employees, resulting in a loss of hundreds of thousands of dollars
On April 28th, according to Cat, a member of the encryption community, a Web3 startup project had tens of thousands of USDT transferred out due to the hard-coded authorization wallet address in the smart contract code. In the incident, a suspicious contract code was submitted by an employee, but the employee denied writing the related code, claiming that the malicious code originated from an AI programming assistant that was automatically generated and not thoroughly reviewed. Currently, the ownership of the wallet involved cannot be confirmed, and the entity responsible for writing the code is also difficult to identify.
SlowMist Cosine stated in a post that, after a preliminary investigation, in the environment using the Cursor and Claude 3.7 models, the AI automatically completed address does not match the malicious address in question, ruling out the possibility of AI code generation being malicious. The malicious address was given the owner's permission of the smart contract, resulting in the complete transfer of the project's funds.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Hyperliquid announces that HyperEVM precompiled reading function is now available on the mainnet
Surge in Bitcoin ETFs Attracts $1.4B: Does it Signal $100K Milestone?
Institutional Investors Fueling Bitcoin's Potentially Looming $100K Surge
Trending news
MoreCrypto prices
More
