🚨 Your Crypto Could Disappear Overnight: SlowMist Exposes Deadly AI Coding Flaws

AI-powered coding tools just got exposed—and your digital assets might be on the line. Blockchain security firm SlowMist drops a bombshell: critical vulnerabilities in popular AI dev assistants could let attackers drain wallets or hijack smart contracts.

### The Invisible Backdoor

Automated code generators—hailed as the future of Web3 development—are silently introducing exploitable flaws. One overlooked line of AI-written Solidity can turn a DeFi protocol into a honeypot.

### VCs Were Too Busy Writing Checks to Notice

While Silicon Valley hyped 'AI-powered blockchain innovation,' security researchers found gaping holes. 'It’s like giving a burglar a blueprint,' says SlowMist’s lead engineer. Too bad that $50M Series B round didn’t include a security audit clause.

### Patch Now or Regret Later

Projects using AI-assisted coding tools should assume compromise. Manual reviews aren’t optional anymore—your users’ funds depend on it. Meanwhile, crypto’s favorite hedge funds will keep pretending this isn’t systemic until their own cold wallets get drained.

AI Coding Tools Become Attack Vector for Crypto Theft

Cursor users face particularly severe exposure to the vulnerability, which cybersecurity firm HiddenLayer first documented in September in its research into the “CopyPasta License Attack.”

The exploit manipulates how AI assistants interpret common developer files, including LICENSE.txt and README.md, by embedding harmful instructions in markdown comments that remain hidden from rendered views but guide AI tools to propagate malware across entire codebases.

Attackers can stage backdoors, exfiltrate sensitive data, or manipulate critical systems while malicious code remains buried DEEP inside files, according to HiddenLayer’s analysis.

The firm demonstrated the attack using Cursor alongside other vulnerable tools, including Windsurf, Kiro, and Aider, showing how minimal user interaction enables organization-wide code compromise.

The disclosure follows Coinbase CEO Brian Armstrong’s aggressive push to have AI-generated code account for 40% of the company’s output, with plans to reach 50% by October, despite firing engineers who failed to adopt AI tools within one week of his mandate.

Coinbase CEO @brian_armstrong fired engineers who failed to adopt AI coding tools within a week of his mandate as the crypto exchange targets 50% AI-generated code.#AI #Codinghttps://t.co/ubNvyhiFlL

Security experts and developers criticized the policy as a “giant red flag for any security-sensitive business,” according to Dango founder Larry Lyu, while Carnegie Mellon professor Jonathan Aldrich called it “” and said he WOULD not trust Coinbase with his funds.

Nation-State Hackers Weaponize Blockchain for Malware Distribution

Developers continue to face persistent organized attacks. North Korean threat actors have escalated attacks by embedding malware directly into blockchain smart contracts, marking the first documented nation-state use of “” techniques.

Famous Chollima operatives deployed malicious JavaScript modules that combined the BeaverTail and OtterCookie malware through fake job interviews targeting crypto developers, distributing the code via an NPM package disguised as a chess application.

Google documented a North Korean group, UNC5342, embedding JADESNOW malware and INVISIBLEFERRET backdoors within smart contracts on the BNB Smart Chain and ethereum since February, creating a decentralized command-and-control infrastructure that law enforcement cannot easily dismantle.

The technique stores payloads on public blockchains through read-only function calls that avoid transaction fees and leave no visible history.

Still targeting developers, back in April, the attackers established legitimate US companies using stolen identities, with Silent Push researchers discovering Blocknovas registered to a vacant South Carolina lot and Softglide traced to a Buffalo tax office.

It was discovered that both were serving as fronts for the “” campaign that distributes malware through technical assessments.

These security threats keep growing even as crypto-related losses from hacks and cybersecurity exploits fell 60% in December to $76 million, according to blockchain security firm PeckShield, down from November’s $194.2 million.

Crypto-related losses from hacks and cybersecurity exploits fell sharply in December, dropping 60% month-on-month to about $76 million.#Crypto #Hackhttps://t.co/mke6K8sLVQ

AI Systems Discover Zero-Day Exploits Worth Millions

The paradox of the ethical and unethical use of AI is becoming increasingly concerning.

Last month, Anthropic research showed that AI agents successfully exploited 50% of smart contracts in its SCONE-bench testing framework, generating simulated attacks worth $550.1 million across 405 historically compromised contracts.

Claude Opus 4.5 and GPT-5 discovered working exploits on 19 contracts deployed after their knowledge cutoff dates, representing $4.6 million in value, while both models found two zero-day vulnerabilities in live Binance Smart Chain contracts worth $3,694 at an API cost of $3,476.

The study found potential exploit revenue roughly doubled every 1.3 months while token costs for generating working attacks fell sharply, meaning attackers obtain more successful exploits for identical compute budgets as models improve.

Meanwhile, AI-powered crypto scams increased 456% between May 2024 and April 2025, according to Chainabuse data, with 60% of deposits into scam wallets now stemming from AI-driven schemes using deepfakes, voice cloning, and automated bots that create fake identities and realistic conversations at scale.