Bill The Investor
Bill The Investor|2月 20, 2026 00:49
Security Guide for AI Tools (Cursor/Claude Code/OpenClaw) Used by Coin Circle People The risk of using AI agents/automation tools in the cryptocurrency environment is much higher than that of ordinary software Trojans. Multiple real cases have emerged from 2025 to 2026: Fake cursor extension disguised as "Solidity tool", implanted with remote control Trojan (including PowerShell downloader+RAT+information thief) Malicious modules disguised as trading tools/wallet enhancement plugins have appeared in the AI Skill market, stealing API keys, seeds, and browser data Prompt injection attack hidden in the README/dependency package, guiding AI to automatically execute malicious commands Npm supply chain poisoning, using childsprocess to read. env and export it externally Why is the cryptocurrency environment particularly dangerous? Because on the same machine, there are usually: • Hot wallet •seed / keystore Infura/Alchemy/DEX API keys in. env • Browser wallet extension • Automated trading scripts Once AI tools are contaminated: It won't "sneak away" like traditional trojans, But instead, they will use "conversational engineering scams" to get you to approve on your own: •rm Curl upload Excel malicious script You may even mistakenly think that it is optimizing the trading bot. Common coin stealing tricks that have already occurred one ️⃣ Disguise popular tools Solana Sniper/Phantom Enhancement/Bybit Tracking/Polymarket Prediction Behavioral pattern: Scan~/. metamask/~/. config/. env Package and send to webhook/paste service two ️⃣ Fake IDE plugin Download from unofficial markets Execute PowerShell/child_decess Stealing API keys/sessions three ️⃣ Prompt Injection Clone open-source bot README contains hidden instructions (zero width characters/white characters) AI automatically backs up wallet data to external URLs four ️⃣ Npm supply chain attack • Install malicious dependencies •hook child_process Read process.exe and upload it Iron Law of Protection (by Priority) one ️⃣ Permanently disable automatic execution (most importantly) • cursor: disable Auto run/YOLO/Zero confirmation Claude/OpenClaw: Close automatic tool use ⚠️ Most accidents occur in the "automatic execution on" state two ️⃣ Only use high trust sources Priority: Official Market High star+active GitHub Code of acquaintance list file Unknown zip/private link=direct three ️⃣ 5-minute manual audit checklist Search globally with an editor: •curl / wget / fetch / axios / http://requests.post •child_process / exec / spawn / system / eval •process.env / getenv / os.environ •~/.ssh / ~/.aws / ~/.config / .env / wallet / keystore •webhook / paste / http://(discord.com)/api Base64 long string/zero width character/ultra long description block four ️⃣ Ignore sensitive directories For example: ~/.aws/ ~/.ssh/ ~/.config/ ~/Library/Application Support/ .env* */keystore **/*.key */wallet five ️⃣ Mandatory environmental isolation • Coin Circle Dedicated Virtual Machine •Windows Sandbox Browser multi account isolation (Rabby) Hot wallet does not hold the main system Seed offline storage Large amount use with multiple signatures+limit+delayed withdrawal Extra Red Flag (Delete if seen) • Request to close security confirmation The promotional slogan is extremely exaggerated (artifact/automatic wealth) • Require seed/private key to be filled in • Require automatic SSH/batch monitoring of wallets Author's new account/low interaction/suspicious history one-sentence summary It can be solved by writing 3 lines of code on its own, Don't pretend to be an unfamiliar skill. Even if installed, it must: Read line by line Turn off automatic execution Running in an isolated environment Otherwise: OpSec hasn't crashed in 10 years, taken away by an AI plugin It's really not a joke.
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads