Bill The Investor|2月 20, 2026 00:49
Security Guide for AI Tools (Cursor/Claude Code/OpenClaw) Used by Coin Circle People
The risk of using AI agents/automation tools in the cryptocurrency environment is much higher than that of ordinary software Trojans.
Multiple real cases have emerged from 2025 to 2026:
Fake cursor extension disguised as "Solidity tool", implanted with remote control Trojan (including PowerShell downloader+RAT+information thief)
Malicious modules disguised as trading tools/wallet enhancement plugins have appeared in the AI Skill market, stealing API keys, seeds, and browser data
Prompt injection attack hidden in the README/dependency package, guiding AI to automatically execute malicious commands
Npm supply chain poisoning, using childsprocess to read. env and export it externally
Why is the cryptocurrency environment particularly dangerous?
Because on the same machine, there are usually:
• Hot wallet
•seed / keystore
Infura/Alchemy/DEX API keys in. env
• Browser wallet extension
• Automated trading scripts
Once AI tools are contaminated:
It won't "sneak away" like traditional trojans,
But instead, they will use "conversational engineering scams" to get you to approve on your own:
•rm
Curl upload
Excel malicious script
You may even mistakenly think that it is optimizing the trading bot.
Common coin stealing tricks that have already occurred
one ️⃣ Disguise popular tools
Solana Sniper/Phantom Enhancement/Bybit Tracking/Polymarket Prediction
Behavioral pattern:
Scan~/. metamask/~/. config/. env
Package and send to webhook/paste service
two ️⃣ Fake IDE plugin
Download from unofficial markets
Execute PowerShell/child_decess
Stealing API keys/sessions
three ️⃣ Prompt Injection
Clone open-source bot
README contains hidden instructions (zero width characters/white characters)
AI automatically backs up wallet data to external URLs
four ️⃣ Npm supply chain attack
• Install malicious dependencies
•hook child_process
Read process.exe and upload it
Iron Law of Protection (by Priority)
one ️⃣ Permanently disable automatic execution (most importantly)
• cursor: disable Auto run/YOLO/Zero confirmation
Claude/OpenClaw: Close automatic tool use
⚠️ Most accidents occur in the "automatic execution on" state
two ️⃣ Only use high trust sources
Priority:
Official Market
High star+active GitHub
Code of acquaintance list file
Unknown zip/private link=direct
three ️⃣ 5-minute manual audit checklist
Search globally with an editor:
•curl / wget / fetch / axios / http://requests.post
•child_process / exec / spawn / system / eval
•process.env / getenv / os.environ
•~/.ssh / ~/.aws / ~/.config / .env / wallet / keystore
•webhook / paste / http://(discord.com)/api
Base64 long string/zero width character/ultra long description block
four ️⃣ Ignore sensitive directories
For example:
~/.aws/
~/.ssh/
~/.config/
~/Library/Application Support/
.env*
*/keystore
**/*.key
*/wallet
five ️⃣ Mandatory environmental isolation
• Coin Circle Dedicated Virtual Machine
•Windows Sandbox
Browser multi account isolation (Rabby)
Hot wallet does not hold the main system
Seed offline storage
Large amount use with multiple signatures+limit+delayed withdrawal
Extra Red Flag (Delete if seen)
• Request to close security confirmation
The promotional slogan is extremely exaggerated (artifact/automatic wealth)
• Require seed/private key to be filled in
• Require automatic SSH/batch monitoring of wallets
Author's new account/low interaction/suspicious history
one-sentence summary
It can be solved by writing 3 lines of code on its own,
Don't pretend to be an unfamiliar skill.
Even if installed, it must:
Read line by line
Turn off automatic execution
Running in an isolated environment
Otherwise:
OpSec hasn't crashed in 10 years, taken away by an AI plugin
It's really not a joke.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink