Ethereum Wallet Drained by Malicious AI VS Code Plugin
In August 2025, Ethereum core developer Zak Cole installed a malicious AI plugin called “contractshark.solidity-lang” from the Open VSX marketplace. The plugin scanned his project folder, extracted private keys from a .env file, and sent them to an attacker's server. Within three days his hot wallet was drained, but because his hardware-held funds were kept separate, the loss was only a few hundred dollars.
This case shows that malicious AI plugins are a growing threat to crypto wallet security. Attackers exploit loose review processes to fake downloads and ratings, then use malicious AI plugins to steal keys and run remote code.
To protect themselves, traders and developers should install extensions only from official sources, verify GitHub links and genuine user reviews, build inside isolated VMs, and keep private keys in encrypted vaults. They should also separate hot and cold wallets, never enter mnemonics into software they do not trust, and adopt a zero-trust security mindset.
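As an added example (not code from the original article or from any tool it mentions), this heuristic Python audit walks a project tree and flags `.env` entries that look like a raw 32-byte hex key or a BIP-39-length seed phrase, since any installed editor extension can read those files. The function names, the skip list and the sample values are assumptions constructed for illustration.

```python
import os
import re
import tempfile

HEX_KEY = re.compile(r"^(?:0x)?[0-9a-fA-F]{64}$")  # 32-byte key as hex, optional 0x
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}  # valid BIP-39 phrase lengths
SKIP_DIRS = {".git", "node_modules"}

def classify(value):
    """Return the kind of secret a .env value looks like, or None."""
    value = value.strip().strip("'\"")
    if HEX_KEY.match(value):
        return "hex-private-key"
    words = value.split()
    if len(words) in MNEMONIC_LENGTHS and all(w.isalpha() and w.islower() for w in words):
        return "mnemonic-like"
    return None

def scan_project(root):
    """Report (path, line_no, variable, kind) for plaintext secrets in .env files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if name != ".env" and not name.startswith(".env."):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    if line.lstrip().startswith("#") or "=" not in line:
                        continue
                    key, _, value = line.strip().removeprefix("export ").partition("=")
                    if kind := classify(value):
                        # Report the variable name only, never the secret itself.
                        findings.append((os.path.relpath(path, root), line_no, key.strip(), kind))
    return findings

def demo():
    """Scan a constructed project tree holding constructed sample secrets."""
    files = {
        ".env": "RPC_URL=https://rpc.example.invalid\nPRIVATE_KEY=0x" + "ab" * 32 + "\n",
        os.path.join("contracts", ".env.local"): 'export MNEMONIC="' + " ".join(["word"] * 12) + '"\n',
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "contracts"))
        for rel, body in files.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return sorted(scan_project(root))
```

A 64-character hex value can also be a hash, so treat each finding as a prompt to move that variable into an encrypted vault rather than as proof of a key.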
Neutral
The exploit of a core developer's hot wallet by a malicious AI VS Code plugin shows that security concerns are growing, but it does not affect the integrity of the Ethereum network or its protocol foundation at all. Traders will likely tighten their security practices and separate hot and cold wallets, which will cause caution rather than a sell-off. Market confidence in Ethereum's long-term value remains intact, so the price impact will be minimal.