「AI Poisoning」 is Unstoppable, Can You Still Code with ChatGPT?
There is no evidence to suggest whether the poisoning of GPT was intentional or if GPT autonomously gathered the data.
Recently, a user encountered an unexpected online scam while trying to develop an automatic post boosting bot for pump.fun and seeking code help from ChatGPT. The user followed the code guidance provided by ChatGPT, visited a recommended Solana API website, which turned out to be a scam platform, resulting in a loss of about $2500.
According to the user's account, a part of this code required submitting a private key via an API. Due to being preoccupied, the user used their main Solana wallet without conducting a review. Upon reflection, they realized a grave mistake, but at that moment, trust in OpenAI made them overlook the potential risks.
After using the API, the fraudsters swiftly took action and managed to transfer all assets from the user's wallet to the address FdiBGKS8noGHY2fppnDgcgCQts95Ww8HSLUvWbzv1NhX within just 30 minutes. Initially, the user didn't entirely confirm issues with the website, but upon closer inspection of the domain's homepage, conspicuous signs of suspicion were revealed.
Presently, the user is appealing to the community to help block the @solana site and remove associated information from the @OpenAI platform to prevent further harm. They also aim to trace the fraudsters through the clues left behind and bring them to justice.
Scam Sniffer investigation uncovered a malicious code repository designed to steal private keys through AI-generated code.
• solanaapisdev/moonshot-trading-bot
• solanaapisdev/pumpfun-api
Github user 'solanaapisdev' has created multiple code repositories in the last 4 months, attempting to steer AI-generated malicious code.
The reason the user's private key was compromised is that the private key was directly sent to a phishing website in the HTTP request body.
SlowMist founder, Cao Yin, stated, "These are all very unsafe practices, all kinds of 'poisoning.' Not only uploading private keys but also helping users generate private keys online and letting users use them. The documentation is also written in a perfunctory manner."
He also mentioned that these malicious code websites have very limited contact information, with the official website having no content, mainly just documentation and a code repository. "The domain name was registered at the end of September, which makes people feel like it was premeditated poisoning, but there is no evidence to suggest whether it was intentionally poisoning GPT or whether GPT actively collected it."
Scam Sniffer provides security recommendations for code created using AI, including:
• Do not blindly use AI-generated code
• Always carefully review the code
• Store private keys in an offline environment
• Only use trusted sources
Source: Original Article Link
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
FIFA, Mythical Games collaborate to launch blockchain game FIFA Rivals
Tassat and Veuu partner to offer blockchain-based health insurance payment service
Michael Saylor: MicroStrategy's Bitcoin revenue reached $5.4 billion in the past two weeks
Indian billionaire Adani summoned by US SEC to explain position on bribery case