28-4-2025 – A Web3 startup has fallen victim to a sophisticated financial breach, resulting in the misappropriation of hundreds of thousands of USDT through its smart contract infrastructure.
The security breach came to light when prominent crypto community figure Cat (@0xCat_Crypto) exposed a critical vulnerability stemming from a pre-authorised wallet address embedded within the project’s smart contract architecture.
At the heart of the controversy lies a contentious piece of contract code, with fingers pointed at an employee whose submission is now under intense scrutiny. The staff member has vehemently rejected allegations of wrongdoing, suggesting instead that an artificial intelligence programming assistant inadvertently generated the problematic code without proper verification.
Security expert Cosine from SlowMist, a respected blockchain security firm, has dismissed claims of AI involvement in the breach. Their forensic analysis, utilising both Cursor and Claude 3.7 platforms, revealed a crucial discrepancy: the AI-generated wallet addresses failed to match the unauthorised address that ultimately gained owner-level permissions to the smart contract.
The investigation continues as authorities work to establish both the ownership of the compromised wallet and the identity of whoever implemented the malicious code that enabled the project’s financial reserves to be drained completely.