A new and alarming trend has emerged in the cryptocurrency world: the first reported case of AI poisoning. In this incident, a Solana wallet was compromised, resulting in a theft of approximately $2,500.
This event highlights the dual-edged nature of AI tools like ChatGPT, which, while useful for Web3 development, can also be manipulated to facilitate malicious activities.
The attack took place on November 21, 2024, when a user attempted to deploy a meme token sniping bot on the Solana-based platform, Pump.fun. However, instead of offering safe guidance, ChatGPT provided a link to a fraudulent API designed to steal digital assets. This API was part of a larger scheme involving a backdoor that exposed private wallet keys, allowing the attacker to drain funds. Once the assets were taken, they were transferred to a wallet connected to a series of similar attacks. The malicious code likely came from GitHub repositories, where scammers had embedded trojans in Python files, exploiting the trust of developers.
AI poisoning, the act of introducing harmful data into AI training, is at the heart of this attack. It appears that contaminated data influenced ChatGPT’s responses, leading it to suggest unsafe APIs. Although there’s no evidence of intentional misconduct by OpenAI, the attack illustrates the risks AI systems pose, especially when used in sensitive fields like blockchain development.
Experts, including SlowMist founder Yu Xian, have called for heightened awareness among developers. Xian warned that as the pool of AI training data expands, it becomes more vulnerable to manipulation, with scammers increasingly turning to AI-powered tools to amplify their reach and impact. This case serves as a stark reminder of the evolving dangers in the cryptocurrency space, where AI can be weaponized for theft.
To avoid falling victim to similar attacks, it is crucial for both developers and cryptocurrency users to take proactive measures. Ensuring thorough verification of all code, using separate wallets for testing, and closely monitoring blockchain activity can help mitigate the risks posed by these types of malicious schemes.
A cryptocurrency firm co-founder has admitted to defrauding thousands of investors through false claims of high returns, raising over $9 million before his scheme unraveled.
On January 11, Litecoin’s official social media account fell victim to a brief hacking incident, during which a scammer attempted to promote a fake Litecoin token on the Solana network.
In a significant crackdown, Thai authorities have confiscated nearly 1,000 Bitcoin mining devices from a company accused of illegally tapping into the local power grid.
A young male citizen of the Netherlands has been arrested after allegedly defrauding over 300 people out of millions of euros.