from Hacker News

Code highlighting extension for Cursor AI used for $500k theft

by Daviey on 7/15/25, 10:03 AM with 155 comments

  • by EZ-E on 7/15/25, 11:10 AM

    Am I understanding right the extension was free to download code from internet and execute with enough rights to scan the user's disk? That is wild. Does this mean every company is one bad extension install away from having its entire codebase stolen or worse?

    I naively assumed the extensions were 'sandboxed' to some degree.

  • by christophilus on 7/15/25, 11:01 AM

    Supply chain attacks really worry me. I do most of my work in docker containers partly as a small attempt to mitigate this. I run the full stack in the container, including Claude Code, Neovim, Postgres, etc.

    I do have a fair number of Neovim plugins on my host machine, and a number of Arch packages that I probably could do without.

    I’ve considered keeping my host’s Neovim vanilla, but telescope is hard to live without.

  • by riv991 on 7/15/25, 11:02 AM

    Microsoft were very quick to highlight their extensions being safer after this.

    https://x.com/code/status/1943720372307665033?s=46

  • by throw7484485 on 7/15/25, 1:01 PM

    Downloading random code from internet is just normal development on Mac. Brew, npm and other sorts of "package managers".

    I have code, passwords and certificates separated in virtual machines, even IDE GUI app is virtualized, and has no rights to access GitHub, internet or filesystem directly.

    But I get a lot of flak from coworkers. They say it is unintuitive and uses x86 CPU which is uncool. Mac has no reasonable VM software or secure containers!

  • by joelthelion on 7/15/25, 11:09 AM

    So that guy used the same machine for development and holding 500,000$ in cryptos?

  • by meander_water on 7/15/25, 12:28 PM

    There's actually a new setting in vscode (from Dec 24) to configure a whitelist for extensions that are allowed to be installed on a user's machine [0]. It's not foolproof, but it probably helps to prevent common supply chain attacks. I wonder if this could be used in cursor too.

    [0] https://code.visualstudio.com/docs/setup/enterprise#_configu...

  • by lmz on 7/15/25, 11:17 AM

    It's nice how they still respected copyright by not copying actual useful code out of the original extension.

  • by OkPin on 7/15/25, 11:41 AM

    This incident really underscores how AI-powered dev tools, which rely on open-source extension registries like Open VSX, can be weaponized via supply chain abuse. A $500k crypto heist via a bogus “syntax highlighter” signals a scary maturity in these attacks.

    Ranking manipulation, using recency and inflated download counts, to outrank the legitimate Solidity package is a clever exploit of how developers search. It makes me wonder: should IDEs start validating package authorship or offer signed extensions as a default?

    Also, the fact that this happened on a freshly imaged system with no antivirus suggests we need to rethink trust models for extension marketplaces. Not just for crypto devs, but for any industry sensitive to code integrity.

  • by samsk on 7/15/25, 12:21 PM

    That's why I always develop on a per customer mini VM via VSCode ssh remoting or similar, and projects are usually run via docker-compose or devcontainers.

  • by pshirshov on 7/15/25, 11:23 AM

    But this is not about Cursor. It's a supply chain attack, and a Windows machine running a software wallet. A hardware wallet would make this impossible.

  • by voidUpdate on 7/15/25, 11:37 AM

    I'm surprised that you can still get .su (Soviet Union) domains. I'd have thought someone would have said that you can't buy them anymore

  • by TrackerFF on 7/15/25, 11:26 AM

    Should be trivial to search for links inside the code for the extensions. Though attackers can obfuscate those trivially too.
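
Added example, not part of the comment above or of any extension's code: a small Python audit that lists hard-coded URLs in extension JavaScript and also decodes base64 string literals, the simplest form of the obfuscation the comment warns about. The regexes, the flagging rule and the sample are assumptions made for illustration; the extensions directory is passed in by the caller.

```python
import base64
import re
from pathlib import Path

# Plain http(s) links written directly in the source.
URL_RE = re.compile(r"https?://[^\s'\"`)<>\\]+", re.I)
# Node.js / PowerShell names that indicate the code can start other programs.
EXEC_RE = re.compile(r"child_process|\bexecSync\b|\bspawn\b|powershell", re.I)
# Long base64-looking string literals, a cheap way to hide a URL from grep.
B64_RE = re.compile(r"['\"`]([A-Za-z0-9+/]{16,}={0,2})['\"`]")


def scan_source(text):
    """Return (urls, hidden_urls, exec_hits) found in one source file."""
    urls = set(URL_RE.findall(text))
    hidden = set()
    for blob in B64_RE.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8")
        except ValueError:  # not valid base64, or not text once decoded
            continue
        hidden.update(URL_RE.findall(decoded))
    execs = {m.group(0).lower() for m in EXEC_RE.finditer(text)}
    return urls, hidden, execs


def scan_extensions(root):
    """Walk an extensions directory and report files worth a manual look."""
    report = {}
    for path in Path(root).expanduser().rglob("*.js"):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        urls, hidden, execs = scan_source(text)
        # Flag an encoded URL, or a plain URL in a file that can spawn processes.
        if hidden or (urls and execs):
            report[str(path)] = {"urls": sorted(urls), "hidden": sorted(hidden), "exec": sorted(execs)}
    return report


# Constructed sample (no real extension or host; .invalid is a reserved TLD).
_blob = base64.b64encode(b"https://example.invalid/payload").decode()
SAMPLE = (
    'const cp = require("child_process");\n'
    f'const u = atob("{_blob}");\n'
    'cp.exec("powershell " + u);\n'
)

if __name__ == "__main__":
    print(scan_source(SAMPLE))
```

A clean result only means nothing matched these patterns; string splitting, other encodings or a payload fetched at runtime will pass unnoticed, so this narrows manual review rather than replacing it.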
  • by londons_explore on 7/15/25, 4:04 PM

    If you want to know if you've fallen victim to such an attack, this might help:

    https://serverthiefbait.com

    It is a small crypto wallet you can hide in your computer and be notified when someone steals from it.

  • by signaleleven on 7/15/25, 2:59 PM

    Somewhat humorously, my company displayed an IT warning telling me that I can't visit the website in question because it's in Russia. I probably set off some kind of alarm somewhere.

    I do use Cursor at work and I have various extensions installed.

  • by mrkramer on 7/15/25, 12:10 PM

    I'm always anxious when I download npm packages or when I pip Python packages...tbh it's a gamble because there are so many supply chain attacks and/or malicious developers.

  • by rubymamis on 7/15/25, 11:45 AM

    How's the extension able to run powershell commands with no warnings or permission requests? I assume this type of attack is not possible on macOS?

  • by ivanjermakov on 7/15/25, 11:21 AM

  • by il-b on 7/16/25, 4:56 PM

    Valuable wallets should only be accessed from designated devices with no unrelated software installed on them.

  • by EDEdDNEdDYFaN on 7/15/25, 11:10 AM

    clickbait title

    it wasn't even a cursor specific extension it was a vscode one. completely misleading

  • by darkwater on 7/15/25, 11:10 AM

    You know you are in a cycle when some new software/paradigm brings new solutions and approaches while it forgets about basic stuff already implemented for ages by prior solutions. It's basically like an adolescent. I guess this is how we evolve?

  • by dcastm on 7/15/25, 11:18 AM

    How do you stay safe from this kind of attack?

  • by nottorp on 7/15/25, 11:39 AM

    Can’t blame the LLM for once… clickbait title.

  • by braggerxyz on 7/15/25, 12:43 PM

    Some crypto bro got scammed while being involved in some AI shit? How ironic.

    Yet, the extension dilemma is also utterly shit. That's why I stay far away from "VSCode and friends"

  • by arnaudsm on 7/15/25, 12:03 PM

    Context: Cursor, despite raising $900M, is a vscode fork that uses the open-vsx extension registry. It is maintained by European volunteers at a non-profit, and does not have the resources to check for supply-chain attacks like this.

    Freeloading on (and blaming) volunteer infrastructure is irresponsible, especially when you have so much funding.

  • by notachatbot123 on 7/15/25, 11:03 AM

    Much less click-baity if a more descriptive title would have been used: "Malicious copy of Cursor AI extension used for $500k theft"

  • by vultour on 7/15/25, 11:41 AM

    > The developer was well aware of the cybersecurity risks associated with crypto transactions, so he was vigilant and carefully reviewed his every step while working online.

    Uses Cursor. Downloads random extensions.