PANews reported on April 28 that according to @0xCat_Crypto, a member of the crypto community, a Web3 startup project had hundreds of thousands of USDT transferred away due to the hard-coded authorized wallet address in the smart contract code. In the incident, the contract code submitted by an employee was suspicious, but the employee denied writing the relevant code, saying that the malicious code was automatically generated by an artificial intelligence programming assistant and was not fully reviewed. At present, the ownership of the wallet involved cannot be confirmed, and it is also difficult to identify the code writing entity.

SlowMist Cosine said in a statement that after preliminary investigation, in the environment of using Cursor and Claude3.7 models, the address automatically completed by AI did not match the malicious address involved, eliminating the possibility of AI code generation for malicious purposes. The malicious address was given the rights of the smart contract owner, resulting in the complete transfer of the project's funds.