Home > Quick > Body

A Web3 project contract may have been implanted with malicious code by employees, causing hundreds of thousands of dollars in losses

clock
2025-04-28 04:55:19
On April 28th, according to a member of the crypto community Cat (@0xCat_Crypto), a Web3 startup project was transferred hundreds of thousands of USDT due to the inclusion of hardcoding authorized wallet addresses in the smart contract code. In the incident, an employee submitted suspicious contract code, but the employee denied writing the relevant code, saying that the malicious code was automatically generated by the artificial intelligence programming assistant and had not been fully reviewed. At present, the ownership of the wallet involved cannot be confirmed, and it is difficult to identify the subject of code writing.
SlowMist Cosine said in a post that after preliminary investigation, in the environment using Cursor and Claude 3.7 models, the address automatically completed by AI did not match the malicious address involved, ruling out the possibility of evil AI code generation. The malicious address was given the owner authority of the smart contract, resulting in the project's funds being completely transferred out.
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.