A Web3 project's contract may have been implanted with malicious code by an employee, resulting in losses of hundreds of thousands of dollars.
According to Coin World, crypto community member Cat (@0xCat_Crypto) disclosed that a Web3 startup project lost hundreds of thousands of USDT because of authorized wallet addresses hard-coded in its smart contract code.
In the incident, contract code submitted by an employee appeared suspicious, but the employee denied writing it, claiming that the malicious code was automatically generated by an AI programming assistant and was not adequately reviewed. The ownership of the wallet involved cannot currently be confirmed, and identifying who wrote the code is also difficult.
SlowMist's Yu Xian stated that, after a preliminary investigation in an environment using Cursor and the Claude 3.7 model, the addresses auto-completed by the AI did not match the malicious address involved, ruling out the possibility of AI code generation being involved in the wrongdoing. The malicious address had owner permissions for the smart contract, resulting in the project's funds being completely transferred out.
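A pre-merge check for the failure described above, hard-coded addresses reaching privileged contract state without review, can be sketched as follows. This is an added example, not code from the article or the affected project; the sample contract, its addresses and the keyword list used to mark privileged lines are constructed assumptions.

```python
import re

ADDRESS_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
# Heuristic keywords (assumption): names that usually mark privileged state.
PRIVILEGED_RE = re.compile(r"owner|admin|authorized|operator|grantRole|approve", re.I)
COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.DOTALL)


def strip_comments(source):
    """Blank out comments but keep newlines so line numbers stay valid."""
    return COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)


def find_hardcoded_addresses(source, allowlist=()):
    """Return (line_no, address, privileged) for each literal not allowlisted."""
    allowed = {a.lower() for a in allowlist}
    findings = []
    for line_no, line in enumerate(strip_comments(source).splitlines(), start=1):
        for match in ADDRESS_RE.finditer(line):
            address = match.group().lower()
            if address not in allowed:
                privileged = bool(PRIVILEGED_RE.search(line))
                findings.append((line_no, address, privileged))
    return findings


# Constructed sample contract; both addresses are made up for this example.
TREASURY = "0x1111111111111111111111111111111111111111"
UNKNOWN = "0x2222222222222222222222222222222222222222"
SAMPLE = f"""\
pragma solidity ^0.8.20;
contract Vault {{
    // treasury: {TREASURY}
    address public constant TREASURY = {TREASURY};
    mapping(address => bool) public authorized;
    constructor() {{
        authorized[msg.sender] = true;
        authorized[{UNKNOWN}] = true;
    }}
}}
"""

if __name__ == "__main__":
    for line_no, address, privileged in find_hardcoded_addresses(SAMPLE, [TREASURY]):
        tag = "PRIVILEGED" if privileged else "literal"
        print(f"line {line_no}: {address} [{tag}] not in reviewed allowlist")
```

Run against every changed `.sol` file in CI, with the allowlist kept in a separately reviewed file, a check like this forces a human sign-off on any new address literal regardless of whether a person or an AI assistant typed it.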