Community News: A Web3 project's contract may have had malicious code planted in it by an employee, resulting in losses of hundreds of thousands of dollars.

DeepFlowTech

According to a TechFlow report on April 28, crypto community member Cat (@0xCat_Crypto) disclosed that a Web3 startup had hundreds of thousands of USDT transferred away because of an authorized wallet address hard-coded in its smart contract code. The contract code submitted by an employee was suspicious, but the employee denied writing the code in question, claiming that the malicious code was generated automatically by an AI programming assistant and was not adequately reviewed. At present, ownership of the wallet involved cannot be confirmed, and it is also difficult to identify who wrote the code.

SlowMist's Yu Xian stated that, in a preliminary investigation using Cursor with the Claude 3.7 model, the address auto-completed by the AI did not match the malicious address involved, ruling out the possibility that the AI generated the malicious code. The malicious address holds owner permissions on the smart contract, which resulted in all of the project's funds being transferred out.
