Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
User Solana wallet exploited in first case of AI poisoning attack

User Solana wallet exploited in first case of AI poisoning attack

CryptopolitanCryptopolitan2024/11/22 14:55
By:By Hristina Vasileva

Share link:In this post: One user lost $2,500 due to a flawed API linked to a wallet that stole multiple meme tokens, SOL, and USDC. The exploit allegedly happened because AI-generated code for Solana meme token bots turned out to contain a backdoor to steal private keys. The source of the malicious code is most probably a collection of still-active repositories that poisoned ChatGPT’s abilities to create safe meme token sniping bots.

Methods of injecting malicious links are increasing, and it appears to have spread to even AI chat. In this case, the AI bot proposed scam API services, which led to user losses. 

A user discovered ChatGPT is not as security conscious as they expected, especially with crypto links when they tried to create a simple crypto app, a token bumper for Pump.fun. The API link that ChatGPT provided was contaminated and led to an immediate loss. 

The token bumper connected to the flawed API, which ended up demanding the wallet’s private key and siphoning all its assets. The incident serves as a timely reminder that artificial intelligence tools are not entirely reliable when it comes to Web3 security.

The fake API site has been busy with siphoning SOL from multiple wallets. The destination of the exploiter has already performed 281 transactions. While most of the sums were relatively small, all wallets used were compromised. 

Rumors of AI poisoning attacks have been around for a while, but the recent attack is the first complete exploit in the crypto space.

The founder of the SlowMist on-chain security firm corroborated the story, stating that the most probable explanation was that the user was playing around with AI without verifying the code. The end product was a functional bot with a carefully disguised backdoor.

See also BlackRock’s Bitcoin ETF options set to hit Nasdaq tomorrow

Fake Solana API attacks meme token traders

The exploiter used their API link to steal some of the latest meme tokens and store them in an identified known wallet . The haul included USDC, SOL, in addition to ELIZA, CHILLGIRL, and AI16Z. 

The site also acted extremely fast after each connection. It is unknown who else made the call to the fake API site, which made its way into OpenAI’s data. One possible explanation is that ChatGPT accesses Python code from multiple repositories, which can be used to contaminate its available data. In the end, the intent to steal wallet data originates from a human agent. Artificial intelligence is only an amplification tool. 

The code created by ChatGPT itself generated a part that asked for the private key. According to ScamSniffer, the exploiters deliberately seeded AI-generated Python code, which users would deploy to snipe new Pump.fun tokens. 

Trusting the code was the first mistake, as users were quick to demand Moonshot or Pump.fun trading bots. Some of the repositories are still active, while others have been reported. 

There is nothing to stop users from attempting to use the bots. The repositories of one such user, Solanaapisdev, still contain risky trading bots , which may end up draining wallets.

It is uncertain who created the bot, but the rush for meme tokens was enough to make unwitting users fall for these malicious trading bots. The best approach is to avoid using unknown repositories, or at least to review the code to the best of one’s knowledge. 

See also Aptos (APT) rallies after launching emoji coin platform

Worse, the flawed APIs were also promoted in a Medium article, leading to a  documentation page with the same name as the flawed GitHub repository. The available code is promoted to end users who want to automate the process on Jupiter, Raydium, Pump.fun, and Moonshot. 

While some services can limit flawed links, there is little to do when end users have decided to risk their wallets with unverified code.

With more than 69K new meme tokens launched, the need and greed for speedy sniping has laid the foundation for a new type of exploit. OpenAI has not mentioned how ChatGPT was trained to create the risky bot code. 

Malicious Zoom link scams also evolve

Another elaborate attack is evolving at the same time as the API exploit. The fake Zoom link that downloads malware has also changed. 

The service, previously known as Meeten, is now spreading as Meetio, prompting users to download files. The malware also uses elements of social engineering, such as reaching out to crypto influencers, or known large-scale holders.

Recently, one of the fake Zoom meeting exploits drained an influencer’s wallet, leading to a crash in GIGA token prices. 

The advice in each case is to store wallets and private keys on a different device than the one used for riskier connections. For token mints and other connections, the best approach is to use a newly assigned wallet.

Land a High-Paying Web3 Job in 90 Days: The Ultimate Roadmap

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Spot bitcoin ETFs end positive streak with $438 million outflows; BTC dips to $94,500

U.S. spot bitcoin ETFs reported a total daily outflow of $438 million on Monday.Monday’s net outflow ended a five-day streak of net inflows that brought $3.4 billion into the spot bitcoin ETFs.Meanwhile, bitcoin has retraced some of its gains over the past few days, now trading at around $94,500.

The Block2024/11/26 07:08

XRP Price Prediction For November 26

CryptoNewsNet2024/11/26 06:52