In a recent tweet on April 20, crypto investors were cautioned about an AI trading bot project on GitHub stealing their private keys.
The alarming discovery was made by security researcher dm557 in X, who found the bot’s code has a hidden encrypted script that sends users’ private cryptocurrency wallet keys to its creator.
According to SlowMist, an entity that deals with blockchain security named Evilcos, the installed software contains backdoor code for secret key acquisition.
“If you are not familiar with the code, you need to be alert when you see fancy codes (“garbled code”), because there may be something fishy hidden. Crypto is all about open source. If it is open source, it is eager to provide highly readable code. Who would bother with these fancy codes?” Evilcos remarked.,” said Evilcos warning that any legitimate open-source crypto projects must ensure clarity and legibility of their codes.
Despite reports that the bad backdoor has already been done away with, experts maintain extreme skepticism since they think that it can be just another deception aimed at getting new victims to download the compromised bot.
“Avoid projects which have had a questionable past,” advised developer Greysign cautioning that such an author might decide to return this malicious script.
Also Read: Coinbase Board Member, Kathryn Haun Announces Step Down
