PANews reported on April 28 that, according to crypto community member @0xCat_Crypto, a Web3 startup project had hundreds of thousands of USDT transferred away because of an authorized wallet address hard-coded in its smart contract code. The contract code submitted by an employee was suspicious, but the employee denied writing the relevant code, saying that the malicious code was automatically generated by an AI programming assistant and was not fully reviewed. At present, the ownership of the wallet involved cannot be confirmed, and it is also difficult to identify who wrote the code.
SlowMist's Cosine said in a statement that, after a preliminary investigation in an environment using Cursor and the Claude 3.7 model, the address automatically completed by the AI did not match the malicious address involved, ruling out the possibility that the AI generated the code for malicious purposes. The malicious address was granted the smart contract's owner rights, resulting in the complete transfer of the project's funds.