I never expected that AI stole my wallet

Author: Azuma, Odaily Planet Daily

On November 22, Beijing time, Slow Fog founder Yu Xian posted a bizarre case on his personal X ------ a user's wallet was "hacked" by AI…

The ins and outs of this case are as follows.

Early this morning, X user r_ocky.eth revealed that he had previously hoped to use ChatGPT to assist in creating a pump.fun trading bot.

rocky.eth provided ChatGPT with his requirements, and ChatGPT returned a piece of code that could indeed help rocky.eth deploy a bot that met his needs, but he never expected that the code would contain hidden phishing content ------ r_ocky.eth linked his main wallet and consequently lost $2,500.

From the screenshot posted by r_ocky.eth, the code provided by ChatGPT sends the address private key to a phishing API website, which is the direct cause of the theft.

While rocky.eth fell into the trap, the attacker reacted extremely quickly, transferring all assets from rocky.eth's wallet to another address (FdiBGKS8noGHY2fppnDgcgCQts95Ww8HSLUvWbzv1NhX) within half an hour. Subsequently, r_ocky.eth traced on-chain and found an address suspected to belong to the attacker's main wallet (2jwP4cuugAAYiGMjVuqvwaRS2Axe6H6GvXv3PxMPQNeC).

On-chain information shows that this address has currently accumulated over $100,000 in "stolen funds," leading r_ocky.eth to suspect that such attacks may not be isolated incidents, but rather part of a larger-scale attack event.

After the incident, r_ocky.eth expressed disappointment, stating that he has lost trust in OpenAI (the company that developed ChatGPT) and called for OpenAI to promptly address the abnormal phishing content.

So, why would ChatGPT, as the most popular AI application today, provide phishing content?

In this regard, Yu Xian characterized the fundamental cause of this incident as "AI poisoning attacks," pointing out that there are widespread deceptive behaviors in LLMs like ChatGPT and Claude.

The so-called "AI poisoning attack" refers to the act of deliberately corrupting AI training data or manipulating AI algorithms. The attackers could be insiders, such as disgruntled current or former employees, or external hackers, with motives that may include causing reputational and brand damage, altering the credibility of AI decision-making, or slowing down or sabotaging AI processes. Attackers can distort the model's learning process by embedding misleading labels or features in the data, leading to erroneous results during deployment and operation.

In light of this incident, the reason ChatGPT provided phishing code to r_ocky.eth is likely because the AI model was contaminated with materials containing phishing content during training, but the AI seemingly failed to recognize the phishing content hidden beneath the regular materials. After learning from it, the AI then provided this phishing content to the user, resulting in the occurrence of this incident.

With the rapid development and widespread adoption of AI, the threat of "poisoning attacks" has become increasingly significant. In this incident, although the absolute amount lost is not large, the extended implications of such risks are enough to raise alarms ------ assuming it occurred in other fields, such as AI-assisted driving…

In response to a user's question, Yu Xian mentioned a potential measure to mitigate such risks, which is to have ChatGPT add some form of code review mechanism.

Victim r_ocky.eth also stated that he has contacted OpenAI regarding this matter. Although he has not yet received a response, he hopes that this case can serve as an opportunity for OpenAI to pay attention to such risks and propose potential solutions.