Cyber Attack cyber

Russian blockchain developer

Jul 11, 2025 1 min read
Russian blockchain developer

A sophisticated cybercrime operation successfully stole $500,000 in cryptocurrency assets from a Russian blockchain developer through a malicious extension targeting the Cursor AI integrated development environment. The attack involved exploiting a security-conscious developer who inadvertently installed a malicious package masquerading as a legitimate development tool. The malicious extension, published under the name 'Solidity Language,' had accumulated 54,000 downloads before being detected and removed. The attackers leveraged the Open VSX registry’s relevance-based ranking system to position their malicious extension above legitimate alternatives.

Source: https://cybersecuritynews.com/hackers-stolen-500000-in-crypto-assets/

TPRM report: https://scoringcyber.rankiteo.com/company/b41-blockchain-development

"id": "b41346071125",
"linkid": "b41-blockchain-development",
"type": "Cyber Attack",
"date": "7/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Blockchain Development',
                        'location': 'Russia',
                        'name': 'Russian blockchain developer',
                        'type': 'Individual'}],
 'attack_vector': 'Malicious Software Extension',
 'date_detected': 'June 2025',
 'description': 'A sophisticated cybercrime operation has successfully stolen '
                '$500,000 in cryptocurrency assets from a Russian blockchain '
                'developer through a malicious extension targeting the Cursor '
                'AI integrated development environment.',
 'impact': {'financial_loss': '$500,000', 'systems_affected': 'Cursor AI IDE'},
 'initial_access_broker': {'backdoors_established': 'ScreenConnect remote '
                                                    'management software',
                           'entry_point': 'Malicious extension in Cursor AI '
                                          'IDE',
                           'high_value_targets': 'Cryptocurrency assets'},
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Use of malicious extension in '
                                           'Cursor AI IDE'},
 'references': [{'source': 'Securelist'}],
 'title': 'Cryptocurrency Theft via Malicious Cursor AI IDE Extension',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Trust in AI-assisted development tools'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.