ChatGPT’s Solana API Suggestion Links to Phishing Site, Costing User $2,500

• The hacker(s) have 4-month-old Github repositories that pollute the AI with malicious crypto code.
• Users are warned against blindly using AI-generated code and to keep their private keys offline.
• The hacker(s) primary wallet contains approximately $250,000 worth of presumably stolen crypto.

A user attempting to create a bot for Solana memecoin generator, pump.fun, ultimately found himself losing out after ChatGPT recommended a hacker’s API code.

Solana API

Entering into the uncharted waters of digital absurdity, an individual going by the name “R_ocky.eth”, or Rocky, was seeking guidance from ChatGPT to create a trading bot—or “Bump bot” for pump.fun—but ended up getting scammed by the AI instead.

Leveraging OpenAI’s ChatGPT, the user then took the code written by the bot and plugged the APIs in, which ended up being a backdoor to giving away his private keys to a phishing website.

Rocky, who lost $2,500 in the process, notes that the scammer got to work fast after using the recommended API and drained the wallet within 30 minutes.

“Of course, I’ve made the mistake of using my main Solana wallet but when you are in a rush to do so many things at the same time it is easy to make a mistake.”

In response, Web3 security and anti-scam firm Scam Sniffer highlighted that people should “never blindly use AI-generated code.”

Serial Scammer

Rocky appears to have identified the  hacker’s wallet , which contains over $258,000 worth of presumably stolen cryptocurrencies—and a huge variety at that.

In addition, Scam Sniffer has also found the Github repositories where, over the last four months, the entity was manipulating the AI into creating poisonous code.

There are 107 different token accounts linked to this wallet, including a whopping $147,211 worth of USD Coin (USDC), $18,283 worth of Dogwifhat (WIF), and $12,662 in Pyth Network (PYTH).

These are amongst a litany of Solana-based cryptos, memecoins, and otherwise completely junk tokens.

The address was seemingly created on December 2023 and has since recorded 206,469 transfers.

However, after averaging 300 to 600 transfers a day, the wallet kicked off November with a massive 2,755 transfers.

Since then, it’s posted similar or higher numbers. Today, it continues to make significant and frequent transfers to multiple wallets every minute.