Cursor AI Exploit Puts Coinbase And Crypto Security At Risk
Crypto Security faces new risks as Coinbase rely on AI coding tools vulnerable to the CopyPasta Attack, exposing billions in digital assets.

Quick Take
Summary is AI generated, newsroom reviewed.
CopyPasta exploit hides malicious code in overlooked developer files
Coinbase heavily relies on AI coding, raising major security concerns
Vulnerabilities affect multiple AI coding tools, not only Cursor
Crypto industry lost billions in 2025 from AI-driven exploits
Stronger defenses and oversight needed to secure AI coding use
Cursor has become one of the most widely used AI coding tools, especially at Coinbase. That reliance now looks risky after HiddenLayer Research disclosed a critical weakness called the CopyPasta Attack. The exploit slips malicious instructions into files that most developers rarely check. These files include LICENSE.txt or README.md. AI coding assistants then mistake these buried commands as essential requirements and spread the payload across entire projects around crypto security. It’s simple, hard to spot, and can scale fast.
AI Dependence at Coinbase Sparks Security Warnings
The bigger issue is what this says about AI adoption in crypto security. Coinbase developers are among the heaviest users of Cursor, and leadership has been public about its ambitions. Forty percent of Coinbase’s daily code is now AI-generated, with a target of over fifty percent by October 2025. That’s an extraordinary level of dependence for a company securing billions in digital assets. Several experts have already called it reckless. They see mandated AI coding quotas as an unnecessary gamble when trust and security should come first.
The CopyPasta Attack is not limited to Cursor. HiddenLayer also found vulnerabilities in Windsurf, Amazon’s Kiro, and Aider. These are widely used across the industry. If the attack goes unnoticed, it can stage backdoors, steal sensitive keys, or quietly break systems. Because it relies on invisible comments in files that AI agents handle automatically, the damage can spread organization-wide before anyone notices.
Cursor’s Troubled Security Track Record in Crypto
A $500,000 crypto heist was tied to its ecosystem in July, followed by several high-severity flaws disclosed in August. That track record, combined with the CopyPasta Attack, makes it clear the platform is becoming a frequent target. Each incident also underlines how attackers are adapting old tricks into new AI-driven forms. Researchers describe this as “Prompt Injection 2.0”. It blends social engineering with technical exploits to bypass defenses that weren’t designed for AI systems.
Industry reactions are split. Some, like Delphi Consulting, argue Coinbase is chasing appearances rather than solving real product issues. Others, including Tensor’s co-founder, believe the critics underestimate how quickly AI coding will mature, predicting it could generate the most high-quality code within five years if paired with strong review and testing. Both sides agree, however, that the risks are rising and the safeguards aren’t keeping pace.
Crypto Security Losses Already Reaching Billions in 2025
The context makes this disclosure even more pressing. Crypto platforms already lost over $3.1 billion in the first half of 2025, with AI-powered hacks playing a growing role. Nearly sixty percent of those losses came from access control failures. Introducing new AI attack surfaces only multiplies the problem. For a company like Coinbase, holding more than $420 billion in assets, even small oversights can cascade into systemic threats.
HiddenLayer has issued fixes in Cursor version 1.3, but patches alone won’t solve the bigger problem. The CopyPasta Attack is a reminder that AI coding is not just another productivity tool. In crypto security, it’s a potential liability if deployed without strict checks. Effective defenses require stronger review practices, separation of instructions from user input, and continuous monitoring designed for AI-specific threats. Anything less leaves room for the next wave of attacks.
This should be read as a warning for the entire sector. AI coding promises speed, but attackers are proving faster. The industry now faces a choice: slow down adoption until defenses catch up or continue racing ahead and risk repeating billion-dollar mistakes.

Follow us on Google News
Get the latest crypto insights and updates.
Related Posts

Nasdaq Crypto Rule Forces Investor Consent Before Bitcoin Buys
Hanan Zuhry
Author

South Korea Caps Crypto Lending Interest At 20 Percent

Ashutosh
Author

Paraguay to hold meeting on creating strategic Bitcoin Reserve

Ashutosh
Author