Ethereum core developer Zak Cole experienced a security breach when a malicious extension from Cursor AI compromised his cryptocurrency wallet. The rogue extension, disguised as 'contractshark.solidity-lang,' had a professional appearance and was downloaded over 54,000 times. It secretly exfiltrated Cole's private key by accessing his environment file and relayed it to an attacker's server, resulting in the draining of his hot wallet three days later on August 10. Cole noted he had never lost funds to hackers in his decade of experience, although the loss amounted to only a few hundred dollars due to his use of limited project-specific hot wallets for testing. This incident illustrates the escalating risks posed by wallet drainer attacks in the cryptocurrency ecosystem, as highlighted by experts who stress the need for secure extension vetting, avoidance of plaintext secret storage, and reliance on hardware wallets for crypto security.

Source 🔗