What is the recent Cursor AI IDE extension supply chain attack that resulted in $500,000 crypto theft?
A sophisticated cyberattack in June 2025 involved hackers weaponizing a malicious “Solidity Language” extension in Cursor AI IDE, allowing them to steal $500,000 in cryptocurrency assets from a blockchain developer. The attackers used search ranking manipulation to position their fake extension above legitimate ones, deploying multi-stage malware through remote access tools like ScreenConnect. This incident highlights the rising threat of supply chain attacks targeting AI development environments and emphasizes the need for vigilant extension verification, endpoint monitoring, and proactive cybersecurity measures.
Table of Contents
- What Happened in the Cursor AI IDE Extension Attack?
- Why This Attack Is Concerning for Cybersecurity Teams
- How the Infection Chain Worked — Step-by-Step
- Attack Infrastructure: More Than One Package Involved
- How Hackers Manipulated the Open VSX Search Algorithm
- Tools and Techniques Involved
- Lessons for Developers and Security Professionals
- Conclusion
- Frequently Asked Questions (FAQs)
In July 2025, cybersecurity researchers uncovered a sophisticated cyberattack where hackers stole $500,000 in cryptocurrency assets from a Russian blockchain developer. The attack method? A weaponized IDE extension targeting the increasingly popular Cursor AI IDE. This case highlights how supply chain attacks are evolving, using platforms like Open VSX and developer tools to infiltrate even highly cautious users.
What Happened in the Cursor AI IDE Extension Attack?
A Russian developer, despite practicing strict cybersecurity hygiene, became the victim of a malicious package disguised as a Solidity syntax highlighting extension for the Cursor AI IDE.
The fake extension, named "Solidity Language," was downloaded over 54,000 times before being detected and removed. The attackers cleverly manipulated search rankings, pushing their extension above legitimate ones by updating it frequently and maintaining high download numbers.
Timeline of the Attack:
-
June 15, 2025: Malicious extension last updated, ranked 4th in search results.
-
June 2025: Victim installs the extension, unknowingly allowing the attack.
-
July 2025: Investigation reveals malware campaign connected with multiple other malicious packages.
Why This Attack Is Concerning for Cybersecurity Teams
Unlike traditional phishing or malware, this attack weaponized:
-
Open-source software ecosystems.
-
AI-assisted development platforms.
-
Supply chain manipulation via search ranking algorithms.
Even vigilant developers are vulnerable if malicious extensions are positioned above legitimate ones in search results.
How the Infection Chain Worked — Step-by-Step
The attackers engineered a multi-layered infection process. Here’s how it unfolded:
| Stage | Action Performed |
|---|---|
| Initial Contact | Malicious extension contacts C2 server angelic[.]su. |
| PowerShell Script | Retrieves 1.txt script checking for ScreenConnect presence. |
| Conditional Payload | If ScreenConnect absent, downloads 2.txt script triggering installer. |
| Remote Access Setup | Installs legitimate ScreenConnect software communicating with relay.lmfao[.]su. |
| Persistence | Attackers gain remote access blending into normal system operations. |
Attack Infrastructure: More Than One Package Involved
The forensic investigation found multiple related malicious packages:
-
solsafe (npm repository)
-
solaibot (VS Code extension)
-
among-eth (VS Code extension)
-
blankebesxstnion (VS Code extension)
All shared the same command-and-control (C2) infrastructure.
How Hackers Manipulated the Open VSX Search Algorithm
The attackers used SEO-like tactics within the IDE ecosystem:
-
Frequent Updates: To appear “recently maintained.”
-
Artificial Download Counts: Building trust and better visibility.
-
Strategic Naming: Mimicking official extensions.
Example search result screenshot from Securelist showed the malicious extension ranking 4th while the authentic one was only 8th.
Tools and Techniques Involved
| Technique | Purpose |
|---|---|
| Supply Chain Attack | Compromising trust in software distribution channels |
| Social Engineering | Masking malicious intent as legitimate developer tools |
| Remote Access Software Misuse | Blending malicious activity with legitimate admin tools |
| PowerShell Script Chaining | Multi-stage payload delivery and evasion |
Lessons for Developers and Security Professionals
If You’re a Developer:
-
Always verify extensions manually.
-
Prefer official sources over third-party registries.
-
Monitor unusual system activity post-installation.
For Organizations:
-
Implement extension whitelisting.
-
Use Endpoint Detection and Response (EDR) tools.
-
Train development teams on modern supply chain attack vectors.
Conclusion: Supply Chain Threats in AI-Enhanced Development
This $500,000 crypto heist via the Cursor AI IDE shows how supply chain attacks are moving beyond npm, PyPI, and classic open-source registries.
AI development tools, once considered niche, are now prime targets for cybercriminals.
Organizations must prioritize supply chain security as part of their overall incident response and cloud security posture.
FAQs
What happened in the Cursor AI IDE extension attack?
Hackers used a fake “Solidity Language” extension in Cursor AI IDE to deploy malware and steal $500,000 in cryptocurrency.
How did the malicious extension get popular on Cursor AI IDE?
The attackers manipulated search rankings by frequently updating the extension and increasing download counts.
What is the name of the malicious extension involved?
The extension was called “Solidity Language.”
How many downloads did the fake Solidity Language extension have?
Over 54,000 downloads before it was detected and removed.
When did the Cursor AI IDE crypto theft incident occur?
The attack happened in June 2025.
How did the malware infection chain work?
The malicious extension downloaded PowerShell scripts, checked for remote access tools, and installed ScreenConnect for persistent access.
What command-and-control servers were involved?
The malware communicated with servers such as angelic[.]su and relay.lmfao[.]su.
Was the malicious extension performing actual Solidity syntax highlighting?
No, it had no real syntax functionality—it only acted as malware.
What other malicious packages were found related to this attack?
Packages like solsaf, solaibot, among-eth, and blankebesxstnion were identified as related.
Why is this attack significant for cybersecurity professionals?
It showcases evolving supply chain attack methods within AI-assisted development platforms.
How can developers protect themselves from similar Cursor IDE extension attacks?
Verify plugins manually, prefer official sources, and monitor system behavior after installing new extensions.
What tools did the attackers misuse in this incident?
ScreenConnect, a legitimate remote access tool, was used maliciously for persistence.
What is Open VSX, and how was it involved?
Open VSX is an open extension registry; attackers exploited its ranking system to promote their fake extension.
Is the Cursor AI IDE itself compromised?
No, the platform was not compromised, but its extension ecosystem was abused.
What is a supply chain attack in cybersecurity?
A supply chain attack targets software distribution channels to spread malware or steal data.
What organizations are most vulnerable to IDE supply chain attacks?
Blockchain developers, crypto startups, and organizations using AI development environments.
What are the best practices for avoiding IDE extension supply chain attacks?
Only install verified extensions, use EDR solutions, and conduct regular system audits.
How do attackers manipulate search rankings in Open VSX?
By updating extensions regularly and inflating download statistics.
What cybersecurity lessons can companies learn from this attack?
Prioritize plugin security, conduct training, and implement strict endpoint monitoring.
Did the attack involve phishing emails?
No, it specifically targeted IDE plugin ecosystems rather than email phishing.
What type of malware was delivered through the malicious extension?
Multi-stage malware using PowerShell scripts and remote access software.
What is Cursor AI IDE used for?
It is an integrated development environment for AI and blockchain coding projects.
Can security tools detect such IDE-based supply chain attacks?
Yes, advanced endpoint detection and SIEM solutions can help detect abnormal behavior.
What steps did researchers take to analyze the malware?
They performed forensic analysis of the compromised system and reverse-engineered the extension.
How long was the malicious extension live before removal?
The exact duration is unclear, but it had accumulated 54,000 downloads before discovery.
What’s the role of social engineering in this incident?
Attackers relied on developers’ trust in open-source tools and extension rankings.
Are supply chain attacks increasing in 2025?
Yes, especially targeting developer tools and AI-related platforms.
What is the safest way to use Cursor AI IDE now?
Use only verified extensions, avoid random downloads, and keep endpoint security solutions active.
What blockchain assets were stolen in this attack?
Cryptocurrency assets valued at approximately $500,000.
Has Cursor AI IDE issued any official security updates post-incident?
No public updates have been confirmed as of July 2025.
Can such attacks happen on other IDEs like VS Code?
Yes, similar tactics have been observed targeting Visual Studio Code extensions.
![Top 10 Ethical Hackers in the World [2025]](https://www.webasha.com/blog/uploads/images/202408/image_100x75_66c2f983c207b.webp)
![[2025] Top 100+ VAPT Interview Questions and Answers](https://www.webasha.com/blog/uploads/images/image_100x75_6512b1e4b64f7.jpg)
