Hackers Steal $500,000 in Crypto via AI Dev Tool Trap

Hackers used a malicious extension in the Cursor AI development environment to steal $500,000 in cryptocurrency from a Russian blockchain developer. The attack, which Securelist analysts linked to a fake “Solidity Language” extension, marks a new phase in supply chain intrusions using AI-assisted platforms. The attackers manipulated search algorithms to elevate the rogue extension above legitimate ones.

The breach began after the developer installed the tool while searching for a Solidity syntax highlighter. The extension, downloaded over 54,000 times, served as a dropper for multi-stage malware. The attackers deployed PowerShell scripts and legitimate remote access software, such as ScreenConnect, to maintain persistent control. The same infrastructure supported similar attacks through npm packages and Visual Studio Code extensions that connected to identical command and control servers.

Securelist traced the activity to domains including angelic[.]su and lmfao[.]su.

Read the full report at “Hackers Stolen $500,000 in Crypto Assets by Weaponizing AI Extension”.
