A Web3 project contract was suspected to have been implanted with malicious code by an employee, resulting in a loss of hundreds of thousands of dollars

04-28

This article is machine translated

Show original

According to PANews on April 28, a Web3 startup project lost hundreds of thousands of USDT due to a hardcoded authorization wallet address in the smart contract code, as disclosed by crypto community member @0xCat_Crypto. In the incident, a suspicious contract code was submitted by an employee who denied writing the code, claiming that the malicious code was automatically generated by an AI programming assistant without thorough review. Currently, the ownership of the involved wallet cannot be confirmed, and the source of the code writing is difficult to determine.

Slow Fog Yuan Cosine stated that after preliminary investigation, using Cursor and Claude3.7 models, the AI auto-completed address does not match the malicious address, ruling out the possibility of AI code generation causing harm. The malicious address was granted owner permissions in the smart contract, resulting in the complete transfer of project funds.

Source

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.

Add to Favorites

Comments

Relevant content

All-in station

FPT collaborates with VIX Securities to build a cryptocurrency exchange in Vietnam.

PANews

Trading Moments: Silver plunges after hitting a new high; institutions warn of potential correction in precious metals; Bitcoin exhibits a "Dead Cat Bounce"?

BTC

0.27%

Foresight News

Zcash has carved out its own niche in the crypto ecosystem.

ZEC

2.07%