Zak Cole, a developer on Ethereum
Cole explained in an August 12 post on X that the issue began when he added an extension called “contractshark.solidity-lang” to his setup through Cursor AI.
This extension appeared safe, since it had a detailed description, a familiar icon, and had already been downloaded over 54,000 times.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
What is a Perpetual Contract in Crypto? (Definition + Example)
However, after installation, the software quietly accessed Cole’s local environment file. Within minutes, his private key was copied and sent to someone else.
The extension then allowed the attacker to access Cole’s wallet for three days. On August 10, all the funds in that wallet were removed. Cole explained that he had been working to finalize a smart contract when he added the tool, which led to the oversight.
Despite the breach, Cole did not lose much money. He only stores small amounts in easily accessible wallets used for testing, while his main assets are protected with hardware devices.
His investigation led him to reports from cybersecurity sources like Kaspersky and BleepingComputer, which linked the same extension to a larger theft campaign that has taken more than $500,000 from different victims.
As of now, the extension is still available on Cursor AI’s marketplace, and the publisher remains listed as a trusted source.
Koi Security recently reported that a cybercrime group named GreedyBear has stolen more than $1 million in cryptocurrency. How? Read the full story.
