Ethereum Dev Loses Funds to AI-Extension Crypto Scam

AI Powered Crypto Scams Surge: Ethereum Dev Is Just One Case

Amid increasing threats of wallet drainers, a prominent Ethereum dev fell victim to an AI-powered crypto scam targeting crypto professionals. According to recent reports, the developer's funds were drained after he installed a malicious artificial intelligence extension that compromised his hot wallet's security.

Ethereum Dev Falls Victim to Wallet Drainers

In a concerning trend of increasing wallet drainers, Ethereum dev Zak Cole recently fell prey to a malicious AI extension linked to Cursor AI, allowing attackers to access his account for three days before draining the funds.

In a recent X post, the Ethereum dev revealed that after installing the'contractshark.solidity-lang' plugin, his key was covertly extracted. The plugin had a professional icon and detailed description, with over 54,000 downloads. It accessed Cole’s  .env file and transmitted the key to the attacker's server, granting unauthorized access to his hot wallet. His postread,

"I'm obsessed with security. Hardware wallets, segregated hot wallets, unique passwords, 2FAeverything. In 10+ years, I have never lost a single wei to hackers. Then I rushed to ship a contract last week."

However, the individual lost only “a few hundred $ in ETH.” Cole attributes these limited losses to his strict security practices. He stated that he only uses hot wallets for testing purposes with small amounts of funds, segregates them by project, and stores his main funds in hardware wallets. Cole implied that without these precautions, the outcome would have been much worse.

This development comes following a surprising report that revealed a long-term crypto hack that resulted in the loss of $900k. A hacker reportedly waited 458 days to steal this massive amount.

AI-PoCrypto Scams Surge: Ethereum Dev Is Just One Case

Notably, the Ethereum dev’s experience is one of the latest examples of the increasing AI-powered cryptocurrency scams. Recently, a group called GreedyBear has stolen over $1 million in crypto using AI-generated malicious Firefox extensions. The group created over 150 fake add-ons for popular wallet platforms, exploiting AI's capabilities to automate and scale their attacks, evading security measures in the process.

According to Hakan Unal, senior security operations lead at Cyvers, malicious AI extensions are becoming a “major attack vector.” They use “fake publishers and typosquatting to steal private keys.”

Interestingly, these wallet drainers constitute only a portion of the surging cryptocurrency scams. According to a Chainalysis report, over $2.17 billion was stolen in 2025 crypto hacks. Smart contract vulnerabilities and human mistakes have been major factors, with access control breaches being a primary cause of recent losses.

Today, another major crypto scam came to light, with a victim losing $165,000 worth of $BLOCK and $DOLO tokens. The scammers were able to drain the victim's assets after obtaining unauthorized access through malicious 'approve' and'increaseAllowance' signatures that the victim had inadvertently signed.