A Web3 project contract or malicious code implanted by employees resulted in losses of hundreds of thousands of dollars

BlockBeats News: On April 28th, according to crypto community member Cat (@ 0xCat_Crypto), a Web3 startup project had hundreds of thousands of USDT transferred due to the inclusion of a hard coded authorized wallet address in its smart contract code. In the incident, an employee submitted suspicious contract code, but the employee denied writing the relevant code, stating that the malicious code was generated automatically by an artificial intelligence programming assistant and had not been thoroughly reviewed. At present, the ownership of the wallet involved cannot be confirmed, and the coding subject is also difficult to identify. SlowMist Cosine stated in a post that after preliminary investigation, it was found that the addresses automatically completed by AI in the environment using the Cursor and Claude 3.7 models did not match the malicious addresses involved, ruling out the possibility of AI code generation causing harm. The malicious address was granted the rights of the smart contract owner, resulting in the complete transfer of project funds.