The DeFi Report - Sponsor Image The DeFi Report - Industry-leading crypto research trusted by finance pros. Friend & Sponsor Learn more

The Contractshark in Cursor: A Cautionary Tale

Ethereum dev Zak Cole had his wallet drained by a malicious Cursor extension. Here's what to watch out for.
The Contractshark in Cursor: A Cautionary Tale
Listen
4
0
0:00 0:00

Subscribe to Bankless or sign in

Devs and vibe coders in crypto just got a wake-up call after a novel security breach hit Zak Cole of the Ethereum Community Foundation. Cole, who’s been in crypto for over a decade with a spotless OpSec record, had his wallet drained last week after installing what looked like a legit Solidity extension in Cursor, the popular AI code editor.

What's spooky here is this vector bypasses OS malware defenses entirely. It was just JavaScript combined with user permissions. Plus, .env files are written in plaintext. Anything on your machine, from AI coding assistants to npm packages, can read it.

Time to batten down the hatches, then. Cole recommends getting private keys out of .env files, moving anything valuable to hardware wallets, and isolating your dev enviroments. Treat every extension install like it’s a potential breach.

Subscribe for free to continue reading

  • Support the Bankless Movement
  • Access to thousands of articles
  • Complete archive of Bankless episodes
  • Embark on free quests in Airdrop Hunter
  • Daily alpha in your inbox

Already subscribed? Sign in


William M. Peaster

Written by William M. Peaster

1016 Articles View all      

William M. Peaster, Senior Writer, has been with Bankless since January 2021. Immersed in Ethereum since 2017, he covers the onchain frontier with a particular interest in art, games, and other culture apps. He has a background in creative writing and writes fiction in his free time.

No Responses
Search Bankless