PANews reported on April 28 that a Web3 startup project lost hundreds of thousands of USDT due to hardcoded authorized wallet addresses in the smart contract code, as disclosed by crypto community member @0xCat_Crypto. An employee submitted contract code that appeared suspicious, but the employee denied writing the related code, claiming that the malicious code was automatically generated by an AI programming assistant and had not been adequately reviewed. Currently, the ownership of the involved wallet cannot be confirmed, and the identity of the code's author is also difficult to ascertain.
Slow Mist's Yu Sin stated that, after preliminary investigation, the AI autocomplete address in the environment using Cursor and Claude 3.7 model did not match the involved malicious address, ruling out the possibility of AI code generation being responsible for the wrongdoing. The malicious address was granted owner permissions of the smart contract, resulting in the complete transfer of funds from the project team.