Cybersecurity experts detect AI-based chatbot stealing cryptocurrency

Artificial intelligence bots have become one of the most popular ways to trade cryptocurrencies. However, cybersecurity analysts have discovered one designed to steal cryptocurrency private keys. In a post dated April 20, cybersecurity researcher dm557 told the X platform about such a malicious project and published its location on GitHub.

According to dm557's findings, the AI bot includes a file called «checkrug.py» that contains a binary encrypted script that decrypts data and transmits private keys. In cryptography, private keys serve as digital signatures for transactions. If these keys fall into the wrong hands, it can lead to significant losses.

Analysts at blockchain security firm SlowMist confirmed these findings and explained how the trading bot worked. It turned out that the bot has a backdoor code that is executed to steal users' private keys.

«If you’re not familiar with the code, you need to be careful when you see garbled code because it could be something suspicious. Cryptocurrency is all about open source. If it’s open source, it tends to provide code that is easy to read. Who is going to bother with these bizarre codes?» the experts said.

The project developer removed the backdoor code at the time of publication. Nevertheless, experts warn against downloading the AI bot, as the removal of malicious code may be a way to lure more unsuspecting users to it.

«The author has removed the backdoor and is working hard to update it. If other people use it, backdoors can be added at any time. Stay away from storage with a dark history,» said Greysign cryptanalyst.

It is noteworthy that the author blocked attempts to label the project as risky by removing the message that it had a backdoor.