There is no evidence to indicate whether the poisoning was intentional towards GPT or if GPT actively collected it.

Written by: shushu

Recently, a user attempting to develop an automatic posting bot for pump.fun sought code assistance from ChatGPT, only to unexpectedly encounter online fraud. Following the code guidance provided by ChatGPT, the user accessed a recommended Solana API website. However, this website was actually a scam platform, resulting in a loss of approximately $2,500 for the user.

According to the user's description, part of the code required submitting a private key via the API. Due to being busy, the user used their main Solana wallet without review. In hindsight, he realized he had made a serious mistake, but at the time, his trust in OpenAI led him to overlook the potential risks.

After using the API, the scammers quickly took action, transferring all assets from the user's wallet to the address FdiBGKS8noGHY2fppnDgcgCQts95Ww8HSLUvWbzv1NhX in just 30 minutes. Initially, the user did not fully confirm that there was a problem with the website, but after carefully checking the homepage of the domain, he discovered obvious suspicious signs.

Currently, this user is calling on the community to help block this @solana website and remove related information from the @OpenAI platform to prevent more people from falling victim. He also hopes to bring the scammers to justice through an investigation of the clues left behind.

Scam Sniffer has discovered malicious code repositories aimed at stealing private keys through AI-generated code.

• solanaapisdev/moonshot-trading-bot

• solanaapisdev/pumpfun-api

The GitHub user "solanaapisdev" has created multiple code repositories in the past four months, attempting to guide AI to generate malicious code.

The reason the user's private key was stolen is that it was directly sent to the phishing website in the HTTP request body.

Yuxian, the founder of Slow Mist, stated, "These are very unsafe practices, various forms of 'poisoning.' Not only do they upload private keys, but they also help users generate private keys online for them to use. The documentation is also written in a pretentious manner."

He also mentioned that the contact methods for these malicious code websites are very limited, with the official website lacking content, primarily consisting of documentation + code repositories. "The domain was registered at the end of September, which inevitably makes one feel it was a premeditated poisoning, but there is no evidence to indicate whether it was intentionally poisoned towards GPT or if GPT actively collected it."

Scam Sniffer's security recommendations for using AI-assisted code creation include:

• Never blindly use AI-generated code

• Always carefully review the code

• Store private keys in an offline environment

• Only use trusted sources

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。