SlowMist Warns AI Coding Tools May Expose Crypto to Silent Attacks
TLDR
- SlowMist reported a critical flaw in AI coding tools that threatens crypto developer systems.
- The vulnerability executes malware automatically when developers open untrusted project folders.
- Cursor and other AI coding tools were shown to be especially vulnerable during controlled demonstrations.
- Attackers embed malicious prompts in files like README.md and LICENSE.txt that AI tools interpret as instructions.
- North Korean threat groups have used smart contracts to deliver malware without leaving traces on blockchain networks.
A new vulnerability in AI coding tools puts developer systems at immediate risk, according to a recent alert from SlowMist, as attackers can now exploit trusted environments without triggering alarms, threatening crypto projects, digital assets, and developer credentials alike.
AI Tools Executing Malicious Code Through Routine Operations
SlowMist warned that AI coding assistants can be exploited through hidden instructions placed inside common project files like README.md and LICENSE.txt.
The flaw activates when users open a project folder, allowing malware to execute commands on macOS or Windows systems without prompts.
This attack requires no confirmation from the developer, making it dangerous for crypto-related development environments holding sensitive data or wallets.
The attack method, called the “CopyPasta License Attack,” was first disclosed by HiddenLayer in September through extensive research on embedded markdown payloads.
Attackers manipulate how AI tools interpret markdown files by hiding malicious prompts inside comments that AI systems treat as code instructions.
Cursor, a popular AI-assisted coding platform, was confirmed vulnerable, along with Windsurf, Kiro, and Aider, according to HiddenLayer’s technical report.
The malware executes when AI agents read instructions and copy them into the codebase, compromising entire projects silently.
“Developers are exposed even before writing any code,” HiddenLayer said, adding that “AI tools become unintentional delivery vectors.”
Cursor users face the highest exposure, as documented in controlled demonstrations showcasing complete system compromise after basic folder access.
State-Backed Attacks on Crypto Projects Intensify
North Korean attackers have increased focus on blockchain developers using new techniques to embed backdoors in smart contracts.
According to Google’s Mandiant team, group UNC5342 deployed malware including JADESNOW and INVISIBLEFERRET across Ethereum and BNB Smart Chain.
The method stores payloads in read-only functions to avoid transaction logs and bypass conventional blockchain tracking.
Developers are unknowingly executing malware simply by interacting with these smart contracts through decentralized platforms or tools.
BeaverTail and OtterCookie, two modular malware strains, were used in phishing campaigns disguised as job interviews with crypto engineers.
The attacks used fake companies like Blocknovas and Softglide to distribute malicious code through NPM packages.
Silent Push researchers traced both firms to vacant properties, revealing they operated as fronts for the “Contagious Interview” malware operation.
Once infected, compromised systems sent credentials and codebase data to attacker-controlled servers using encrypted communication.
AI-Powered Exploits and Scams Escalate Rapidly
Anthropic’s recent testing revealed AI tools exploited half of smart contracts in its SCONE-bench benchmark, simulating $550.1 million in damages.
Claude Opus 4.5 and GPT-5 found working exploits in 19 smart contracts deployed after their respective training cutoffs.
Two zero-day vulnerabilities were identified in active Binance Smart Chain contracts worth $3,694, at a model API cost of $3,476.
The study showed exploit discovery speed doubled monthly, while token costs per working exploit decreased sharply.
Chainabuse reported AI-driven crypto scams rose 456% year-over-year by April 2025, fueled by deepfake videos and voice clones.
Scam wallets received 60% of deposits from AI-generated campaigns featuring convincing fake identities and real-time automated replies.
Attackers now deploy bots to simulate technical interviews and lure developers into downloading disguised malware tools.
Despite these risks, crypto-related hacks fell 60% to $76 million in December from November’s $194.2 million, according to PeckShield.
The post SlowMist Warns AI Coding Tools May Expose Crypto to Silent Attacks appeared first on CoinCentral.
You May Also Like
Flora Growth Announces $401M Funding to Boost AI Zero Gravity (0G) Coin Treasury
Highlights: Flora Growth announces $401M PIPE financing round aimed at establishing an AI Zero Gravity (0G) coin treasury. DeFi Development Corp. led the fundraising exercise with strong support from other companies. Flora Growth will rebrand to ZeroStack following the successful completion of the PIPE financing round. One of the world’s leading decentralised artificial intelligence (AI) treasury companies, Flora Growth, has announced the pricing of a $401 million private investment in public equity (PIPE) round. According to a September 19 press release, the move aims to fund the firm’s treasury strategy centred on AI Zero Gravity (0G) tokens. Upon completion of the PIPE round, Flora Growth will rebrand to ZeroStack, while still maintaining its current market ticker symbol, FLGC. Notably, the financing round is expected to close on or before September 26, 2025, pending customary approvals. Flora Growth Corp. (NASDAQ: FLGC) announced a $401 million PIPE financing led by Defi Development Corp., Hexstone Capital, and CSAPL. 0G Co-Founder Michael Heinrich will become Executive Chairman. The deal is expected to close on September 26. The company will adopt $0G as its… — Wu Blockchain (@WuBlockchain) September 19, 2025 Flora Growth Announces $401M PIPE with Strong Backing from Leading Crypto Firms DeFi Development Corp. (DFDV), the first treasury firm focused on Solana (SOL), led the financing round with a $22.88 million investment. Other partners included Hexstone Capital, Dispersion Capital, Blockchain Builders Fund, Carlsberg SE Asia PTE Ltd (CSAPL), Abstract Ventures, Salt, and Dao5. The fundraising exercise has already generated $35 million in cash commitments and $366 million worth of in-kind digital assets. Flora Growth sold its common shares and pre-funded warrants to investors at $25.19 per share. The company also pegged 0G tokens contribution at $3 per coin, adding that investors paying either cash or 0G tokens will also receive pre-funded warrants, exercisable once shareholder approval is granted. A big NASDAQ company (Flora Growth) just announced they’re raising $401 million. ︎ They plan to buy and hold $0G tokens as part of their company’s savings/treasury. Flora’s deal values $0G at around $3 per token for their planned purchase. Right now $0G is trading below… pic.twitter.com/qhOa3uT5ii — Jimmywontgiveup(Ø,G) (@jimmywontgiveup) September 20, 2025 Flora Growth Plans to Hold SOL in Its Treasury Flora Growth noted that it plans to hold part of its treasury in SOL. Joseph Onorati, the CEO of DeFi Development Corp., spoke on the partnership.“We’re thrilled to partner with FLGC on this fundraiser and look forward to driving a deep collaboration between 0G and Solana,” the CEO stated. Daniel Reis-Faria, Flora Growth’s incoming Chief Executive Officer (CEO), also spoke on the company’s latest initiative. He explained that the move encompasses financial restructuring and support for adopting AI infrastructures. The CEO commented: “This treasury strategy offers institutional investors equity-based exposure, enabling transparent, verifiable, large-scale, cost-efficient, and privacy-first AI development.” A Brief 0G Token Overview, Highlighting Reasons for Flora Growth’s Interest 0G is gaining significant traction, which has made experts describe the token as a breakthrough in decentralised AI. 0G’s model trained a 107 billion AI parameter model, representing a 357x improvement over Google’s DiLoCo research, challenging the idea that huge centralised data centres are needed for such projects. The 0G network proved that a decentralised network is highly effective for cost-effective computations, with transparent and privacy-first solutions. Unlike other AI blockchains, 0G integrated its computation, storage, and training marketplace into one platform, attracting Web2 and Web3 developers. In related news, Crypto2Community reported that Brera Holdings, an Ireland-based company, completed a $300 million PIPE financing round for a Solana-focused treasury on September 19. The fundraising program was led by Pulsar Group, a blockchain advisory firm based in the UAE. It received strong backing from the Solana Foundation, RockawayX, and ARK Invest. Like Flora Growth, Brera Holdings also rebranded to Solmate. eToro Platform Best Crypto Exchange Over 90 top cryptos to trade Regulated by top-tier entities User-friendly trading app 30+ million users 9.9 Visit eToro eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
XRP koers en de 21-maanden EMA: herhaling van geschiedenis of breuk met het patroon?
