It turns out that even seasoned professionals are not entirely immune to the deceptive tactics of phishing attacks. Previously, the maintainer of the data breach monitoring site Have I Been Pwned fell victim to such a scheme, resulting in the exposure of thousands of subscriber email addresses.
Now, Ethereum core developer Zak Cole has disclosed that he was duped by a counterfeit Cursor AI extension—a malicious tool designed to steal cryptocurrency wallet private keys. Fortunately, the targeted wallet contained only a few hundred dollars, so the financial loss was minimal.
The extension in question, named contractshark.solidity-lang, appeared entirely legitimate. It boasted a professional icon, a polished description, and more than 54,000 downloads. Convinced of its authenticity, Zak proceeded to install it without suspicion.
At first, no irregularities were apparent. The developer had been using a small, isolated hot wallet for testing purposes, holding only a modest amount of Ethereum. Later, he discovered that the extension had read the .env file and exfiltrated the private key to the attacker’s server, after which the wallet was completely drained.
This case underscores a critical warning: many recently discovered malicious extensions also display exceptionally high download counts—numbers that are likely artificially inflated. Download statistics alone should never be taken as a measure of trustworthiness. Similarly, professional-looking icons and descriptive text can be copied directly from legitimate extensions and are equally unreliable as indicators of safety.
Zak Cole remarked that in over a decade, he had never lost funds to a hacking incident—this was the first time a wallet of his had been compromised. His long-standing practice of storing the majority of his assets in a hardware wallet spared him from significant losses, a habit that proved invaluable in mitigating the damage.
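The extension succeeded because a wallet private key sat in plaintext in a .env file that any editor extension running under the developer's account could read. The following is an added example, not code from the article or from any party it names: a small audit that walks a project tree and reports .env files holding key-shaped values so they can be moved to a secrets manager or hardware wallet. The function name, the skipped directories and the 64-hex-character pattern are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Assumption: an Ethereum private key is 32 bytes, written as 64 hex
# characters with an optional 0x prefix. Other 32-byte hex values (for
# example transaction hashes) match too, so review each finding.
KEY_RE = re.compile(r"^(?:0x)?[0-9a-fA-F]{64}$")
SKIP_DIRS = {"node_modules", ".git"}  # hypothetical choice of vendored/VCS dirs


def find_plaintext_keys(root):
    """Return (path, line_no, var_name) for key-shaped values in .env* files."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place so os.walk does not descend.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if not (name == ".env" or name.startswith(".env.")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    line = line.strip()
                    if not line or line.startswith("#") or "=" not in line:
                        continue
                    var, value = line.split("=", 1)
                    var = var.removeprefix("export ").strip()
                    value = value.strip().strip("\"'")
                    if KEY_RE.match(value):
                        # Report the variable name only, never the secret.
                        findings.append((path, line_no, var))
    return findings


if __name__ == "__main__":
    # Constructed sample project; the key below is a dummy value.
    with tempfile.TemporaryDirectory() as project:
        with open(os.path.join(project, ".env"), "w") as fh:
            fh.write("RPC_URL=https://rpc.example.invalid\n")
            fh.write("PRIVATE_KEY=0x" + "ab" * 32 + "\n")
        for path, line_no, var in find_plaintext_keys(project):
            print(f"{path}:{line_no}: {var} looks like a plaintext private key")
```

Running it against a real workspace before installing or updating editor extensions shows which secrets would be exposed to code running inside the editor.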