AI Extension Attack

Sponsor: Frax — Fraxtal Ecosystem: Where DeFi Meets AI.

📸 Market Snapshot: Broadly speaking, the AI crypto sector stayed flat this week as its market cap hovered around $30 billion. Established projects traded down, like TAO (-3%) and VIRTUAL (-14%), though some newer faces had standout performances.
For example, Codatta ($XNY) skyrocketed +700% over the past 7 days, riding a Binance Futures listing, a community booster campaign, and new releases that drew massive volume and FOMO. This surge spilled over to related plays, with Tagger ($TAG) climbing +37% in the same ballpark as an AI data collection and labelling project.
Other recent AI risers included Ridges AI ($SN62), which climbed 57%, and tao.bot ($TAOBOT), which grew +30%, amid Bittensor's surging subnet ecosystem. Keep these on watch as the onchain AI narrative heats up.

Devs and vibe coders in crypto just got a wake-up call after a novel security breach hit Zak Cole of the Ethereum Community Foundation. Cole, who’s been in crypto for over a decade with a spotless OpSec record, had his wallet drained last week after installing what looked like a legit Solidity extension in Cursor, the popular AI code editor.
What happened:
- The malicious extension, “contractshark.solidity-lang,” had the right trust signals. It came from the Open VSX registry and had a professional icon, clean description, 54k+ downloads, and a believable publisher name. Oof.
- Within minutes of installation, the extension read Cole's .env file and from there sent his private key to an attacker’s server. Shortly thereafter, his wallet was emptied.
- Fortunately, damage was minimal because Cole uses strict hot wallet segregation, with his main funds defended in hardware wallets. However, similar supply chain attacks have already stolen more than $500k from other devs!
What's spooky here is that this vector bypasses OS malware defenses entirely. It was just JavaScript combined with user permissions. Plus, .env files are written in plaintext. Anything on your machine, from AI coding assistants to npm packages, can read them.
Time to batten down the hatches, then. Cole recommends getting private keys out of .env files, moving anything valuable to hardware wallets, and isolating your dev environments. Treat every extension install like it’s a potential breach.
Cole's full post-mortem breakdown and follow-up threads are worth a read. The grand takeaway here is that in a connected dev environment, trust is your attack surface. Cole's paranoia saved him from disaster, but it could have been a lot worse. Build your setup so that if you ever get compromised like this too, the damage is kept to a minimum.
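To act on the first recommendation, you need to know which .env files on your machine still hold key material. The script below is an added example, not code from Cole's post-mortem: it walks a project tree and reports .env entries that look like wallet secrets without printing their values. The detection heuristics and the skipped directory names are assumptions of this example.

```python
import os
import re
import sys

# Heuristics assumed by this example: a raw 32-byte hex value (optionally
# 0x-prefixed), a 12- or 24-word lowercase phrase, or a telltale variable name.
HEX_KEY = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")
NAME_HINT = re.compile(r"(PRIVATE_?KEY|MNEMONIC|SEED)", re.I)
SKIP_DIRS = {"node_modules", ".git"}  # vendored or VCS dirs, skipped for speed

def audit_env_line(line):
    """Return a reason string if the line looks like key material, else None."""
    line = line.strip()
    if not line or line.startswith("#") or "=" not in line:
        return None
    name, value = line.split("=", 1)
    name = (name.split() or ["?"])[-1]      # drops a leading "export"
    value = value.strip().strip("'\"")
    if HEX_KEY.match(value):
        return f"{name}: 32-byte hex value (possible private key)"
    words = value.split()
    if len(words) in (12, 24) and all(w.isalpha() and w.islower() for w in words):
        return f"{name}: {len(words)}-word phrase (possible mnemonic)"
    if NAME_HINT.search(name) and value:
        return f"{name}: name suggests key material"
    return None

def scan_tree(root):
    """Return (path, line_no, reason) for every flagged .env entry under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for fn in filenames:
            if not (fn == ".env" or fn.startswith(".env.")):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    reason = audit_env_line(line)
                    if reason:
                        # The secret itself is never echoed to the terminal.
                        findings.append((path, no, reason))
    return findings

if __name__ == "__main__":
    for path, no, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}:{no}: {reason}")
```

Run it with your projects directory as the argument. Any hit is a key to rotate and move out of plaintext, since it was readable by every extension and package that ran under your user account.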
Plus, other news this week...
🤖 AI Crypto
📣 General News
- Geoffrey Hinton — the Godfather of AI suggested training AI with “maternal instincts” toward humans as a safeguard against AI annihilation
- Meta — the FAIR team unveiled TRIBE, a neural network that predicts human brain responses to movies
- Perplexity — made an unsolicited $34.5B bid for Chrome browser, per the WSJ, amid Google’s ongoing antitrust battle that could force a Chrome spin-off
- xAI — co-founder Igor Babuschkin leaves to start Babuschkin Ventures to invest in AI startups, while Elon Musk announced xAI is suing Apple for favoring OpenAI in the App Store
📚 Reads
- Caffeinated Capital — The Audacity of AI
- Diego — Where Is Crypto x AI Heading?
- Ethereum Guest Post — Autonomous Agents Are About to Become Ethereum’s Biggest Power Users

The Fraxtal ecosystem is expanding at lightning speed—this month’s biggest highlight is IQAI.com, the newest Agent Tokenization platform from IQ and Frax. IQ is building autonomous, intelligent, tokenized agents launching on Fraxtal in Q1. Empower onchain agents with built-in wallets, tokenized ownership, and decentralized governance—all within a fast-growing Fraxtal ecosystem.

In the latest Limitless episode, Josh and Ejaaz unpack Meta’s mind-bending TRIBE model—an AI that can predict your brain’s reactions to movies with uncanny accuracy.
They explore how it beat 260 teams in a global brain modeling challenge, what it means for personalized content, and the eerie possibilities when paired with brain-computer interfaces and Meta’s new neural wristband.
Tune in for their unfiltered takes on the thrilling—and slightly terrifying—future of AI-powered human-computer interaction! 👇