Ethereum developer wallet stolen funds by malicious AI plugin

Ethereum core developer Zack Kerr revealed that his hot wallet was attacked due to the installation of the malicious AI extension "contractshark. solidity lang", resulting in the theft of private keys and the transfer of funds. The plugin disguises itself as a legitimate tool with over 54000 downloads, but in reality reads the user's. env file and sends the private key to the attacker's server. The attacker transferred the funds from the wallet on August 10th, three days after obtaining the private key.