AI Coding Assistant Becomes a Hacker Gateway? SlowMist Warns: Crypto Developers' Assets Are Being "Unnoticed Intruded"

Blockchain security company SlowMist recently issued an emergency security warning, pointing out that mainstream AI coding tools have high-risk vulnerabilities. Attackers can directly compromise developers’ systems through extremely simple project operations, posing a particularly severe threat to cryptocurrency developers.

SlowMist threat intelligence team stated that when developers open untrusted project directories in Integrated Development Environments (IDEs), even routine actions like “Open Folder” can trigger malicious commands to automatically execute on Windows or macOS systems, without any additional interaction. This means sensitive information such as private keys, mnemonics, and API keys could be stolen without the developer’s awareness.

Research shows that Cursor users are especially vulnerable to this attack. Cybersecurity firm HiddenLayer disclosed this issue as early as September in their “CopyPasta License Attack” study. Attackers embed hidden commands within Markdown comments in common files like LICENSE.txt and README.md, tricking AI coding assistants into spreading malicious logic throughout the codebase. These comments are invisible to human developers but are executed as “instructions” by AI tools, enabling backdoors, data theft, or system takeover.

HiddenLayer further pointed out that, besides Cursor, multiple AI coding tools such as Windsurf, Kiro, and Aider are also affected. The attack can spread across the entire development environment with minimal interaction, amplifying systemic risk.

Meanwhile, state-sponsored attacks are also escalating. Security research indicates that North Korean hacker groups have embedded malicious software directly into Ethereum and BNB smart contracts, building blockchain-based decentralized command and control networks. The malicious code is distributed via read-only function calls, effectively bypassing traditional law enforcement and blocking measures. Organizations like UNC5342 also target crypto developers precisely through fake job postings, technical interviews, and NPM package deliveries.

Even more concerning, artificial intelligence itself is becoming an amplifier of vulnerabilities. Research from Anthropic shows that Claude Opus 4.5 and GPT-5 can identify exploitable vulnerabilities in numerous real contracts, with attack costs continuously decreasing. Chainabuse data indicates that AI-driven crypto scams increased by 456% within a year, with deepfakes and automated social engineering becoming mainstream methods.

Although on-chain security losses declined in December, from AI coding tool vulnerabilities to malicious blockchain infrastructure, crypto developers have become high-value targets. For professionals relying on AI programming and managing digital assets, the security of development environments is increasingly becoming an essential systemic risk that cannot be ignored.