# AI Extension Attack

*Author: Bankless*

*Published: Aug 15, 2025*

*Source: https://www.bankless.com/ai-extension-attack*

---

[**Sponsor: Frax**](https://www.bankless.com/sponsor/frax-1737128738?ref=read/cursors-contractshark-cautionary-tale&email=true) — Fraxtal Ecosystem: Where DeFi Meets AI. [Learn more](https://www.bankless.com/sponsor/frax-1737128738?ref=read/cursors-contractshark-cautionary-tale&email=true).

---

MARKET PULSE

## Codatta Rips

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2025/08/image--29-.png)](https://x.com/codatta_io)

📸 **Market Snapshot:** Broadly speaking, the AI crypto sector stayed flat this week as its market cap hovered around $30 billion. Established projects traded down, like TAO (-3%) and VIRTUAL (-14%), though some newer faces had standout performances. For example, Codatta ([$XNY](https://www.coingecko.com/en/coins/codatta)) skyrocketed +700% over the past 7 days, riding a [Binance Futures listing](https://x.com/codatta_io/status/1955577618914562313), a [community booster campaign](https://x.com/codatta_io/status/1956242785683886260), and [new releases](https://x.com/codatta_io/status/1956348195724038394) that drew massive volume and FOMO. This surge spilled over to related plays, with Tagger ([$TAG](https://www.coingecko.com/en/coins/tagger)), which sits in the same ballpark as an AI data collection and labelling project, climbing +37%.
Other recent AI risers included Ridges AI ([$SN62](https://www.coingecko.com/en/coins/ridges-ai)), which climbed 57%, and tao.bot ([$TAOBOT](https://www.coingecko.com/en/coins/tao-bot)), which grew +30%, amid Bittensor's surging subnet ecosystem. Keep these on watch as the onchain AI narrative heats up.

---

ROUNDUP

## The Contractshark in Cursor: A Cautionary Tale

Bankless Author: [William Peaster](https://x.com/wmpeaster)

[![](https://storage.ghost.io/c/e4/b7/e4b77544-5a37-4f0b-8824-8440aa348476/content/images/2025/08/image--27--2.png)](https://www.bankless.com/read/cursors-contractshark-cautionary-tale)

Devs and vibe coders in crypto just got a wake-up call after [a novel security breach](https://x.com/0xzak/status/1955265807807545763) hit Zak Cole of the Ethereum Community Foundation. Cole, who’s been in crypto for over a decade with a spotless OpSec record, had his wallet drained last week after installing what looked like a legit Solidity extension in [Cursor](https://cursor.com/en), the popular AI code editor.

### **What happened:**

- The malicious extension, “contractshark.solidity-lang,” had the right trust signals. It came from the Open VSX registry and had a professional icon, clean description, 54k+ downloads, and a believable publisher name. Oof.
- Within minutes of installation, the extension read Cole's `.env` file and from there sent his private key to an attacker’s server. Shortly thereafter, his wallet was emptied.
- Fortunately, damage was minimal because Cole uses strict hot wallet segregation, with his main funds defended in hardware wallets. However, similar supply chain attacks have already stolen more than $500k from other devs!

What's spooky here is this vector bypasses OS malware defenses entirely. It was just JavaScript combined with user permissions. Plus, `.env` files are written in plaintext. *Anything* on your machine, from AI coding assistants to npm packages, can read them. **Time to batten down the hatches, then**.
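
Because a plaintext `.env` is readable by anything running with your user permissions, a useful first check is which `.env` files on a machine still hold key material. The scanner below is an added example, not code from Cole's post-mortem or from Bankless; its patterns (64-character hex values, 12 to 24 word phrases), function names and sample values are assumptions chosen for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics (assumptions): a 32-byte hex value is the usual shape of an EVM
# private key; 12 to 24 lowercase words is the usual shape of a seed phrase.
HEX_KEY = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")
SEED_PHRASE = re.compile(r"^([a-z]+ ){11,23}[a-z]+$")

def classify(value):
    """Return the kind of secret a value looks like, or None."""
    value = value.strip().strip("'\"")
    if HEX_KEY.match(value):
        return "hex-private-key"
    if SEED_PHRASE.match(value):
        return "seed-phrase"
    return None

def scan_env_text(text):
    """Yield (line_number, variable, kind); the secret itself is never echoed."""
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        kind = classify(value)
        if kind:
            yield number, name.strip().removeprefix("export ").strip(), kind

def scan_tree(root):
    """Scan every file whose name starts with .env under root; return sorted findings."""
    findings = []
    for path in Path(root).rglob(".env*"):
        if path.is_file():
            rel = str(path.relative_to(root))
            text = path.read_text(errors="replace")
            findings += [(rel, n, name, kind) for n, name, kind in scan_env_text(text)]
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample project; the key is a dummy value, not a real one.
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, ".env").write_text("RPC_URL=https://rpc.example\n"
                                     "PRIVATE_KEY=0x" + "ab" * 32 + "\n")
        for finding in scan_tree(tmp):
            print(finding)
```

Findings report only the file, line and variable name, so the output can be shared without leaking the value it flags.
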
Cole recommends getting [private keys out of .env files](https://x.com/0xzak/status/1956026289649016946), moving anything valuable [to hardware wallets](https://x.com/0xzak/status/1956026339292840068), and [isolating your dev environments](https://x.com/0xzak/status/1956026301741195325). Treat *every* extension install like it’s a potential breach. Cole's full [post-mortem breakdown](https://x.com/0xzak/status/1955655184522371361) and [follow-up threads](https://x.com/0xzak/status/1956026241104150547) are worth a read.

The grand takeaway here is that in a connected dev environment, *trust* is your attack surface. Cole's paranoia saved him from disaster, but it could have been a lot worse. Build your setup so that if you ever get compromised like this too, the damage is minimized.

---

## ***Plus, other news this week*...**

### 🤖 **AI Crypto**

- **SEKAI** — [Hyperliquid x AI pre-launched project gaining traction](https://x.com/sekai_fi/)
- **Giza** — [made up 3% of Base chain's entire volume on Tuesday](https://x.com/gizatechxyz/status/1955345702722130244), [after surpassing a billion dollars of "agentic" volume on Monday](https://x.com/gizatechxyz/status/1954878628745097489)
- **Temo** — [released the Virtuals DeFAI Index on Indexy](https://x.com/indexy_xyz/status/1956389856315138321)
- **Warden** — [is fully migrating to Venice.AI models](https://x.com/AskVenice/status/1956299316370243912)

### **📣 General News**

- **Geoffrey Hinton** — [the Godfather of AI, suggested training AI with “maternal instincts” toward humans as a safeguard against AI annihilation](https://www.cnn.com/2025/08/13/tech/ai-geoffrey-hinton)
- **Meta** — [the FAIR team unveiled TRIBE, a neural network that predicts human brain responses to movies](https://x.com/AIatMeta/status/1954865388749205984)
- **Perplexity** — [made an unsolicited $34.5B bid for Chrome browser, per the WSJ, amid Google’s ongoing antitrust battle that could force a Chrome spin-off](https://www.wsj.com/tech/perplexity-ai-google-chrome-offer-5ddb7a22?gaa_at=eafs&gaa_n=ASWzDAjFYs306xSHG-ordYK586CDwlloaZ-11jfKrnoJgjioiC7VahTonvFuGldvSkw%3D&gaa_ts=689e3862&gaa_sig=0mbsCpikujlyoCIIWnqqYeteHPTtgbu7wqP6IE87d1Uev0RVctptqtbqzfHif60hc_MSXNa_tb9kgivEuazSkA%3D%3D)
- **xAI** — [xAI co-founder Igor Babuschkin leaves to start Babuschkin Ventures, for investing in AI startups](https://x.com/ibab/status/1955741698690322585) while [Elon Musk announced xAI is suing Apple for favoring OpenAI in the App Store](https://x.com/elonmusk/status/1955073616996975095)

### **📚 Reads**

- **Caffeinated Capital** — [The Audacity of AI](https://caffeinatedcaptial.substack.com/p/the-daily-morning-brew-the-audacity)
- **Diego** — [Where Is Crypto x AI Heading?](https://x.com/diego_defai/status/1954933885231337889)
- **Ethereum Guest Post** — [Autonomous Agents Are About to Become Ethereum’s Biggest Power Users](https://x.com/ethereum/status/1955673870998143383)

---

*This article is brought to you by [MetaMask](https://www.bankless.com/sponsor/metamask-1776260643?ref=ai-extension-attack)*