The prompt injection vulnerability in Coinbase AgentKit has been addressed, but the actual impact has been significantly underestimated
According to CriptoNoticias, an independent security researcher disclosed a prompt injection vulnerability in Coinbase AgentKit, allowing attackers to induce the AI agent to execute unauthorized token transfers through malicious commands, without the need for human confirmation.
The vulnerability has been validated through actual transactions on the Base Sepolia test network. The researcher also pointed out that it exposes the unlimited ("infinite") approval flow for ERC-20 tokens, as well as access to remote servers within the agent's execution context, extending the risk beyond wallet depletion. However, the report did not detail which specific infrastructures might be affected.
The vulnerability was submitted to the Coinbase bug bounty program in February and was officially validated. It was ultimately classified as medium severity, and a bounty of $2,000 was paid. However, the researcher emphasized that the actual impact of the vulnerability is far greater than the official rating.
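
A defender-side sketch of a control for the risks described above: a gate between the model and the wallet that requires out-of-band human confirmation for value-moving or unlisted tool calls and rejects unlimited ERC-20 approvals. This is an added example, not code from Coinbase AgentKit or from the researcher; the tool names, addresses and thresholds are hypothetical.

```python
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1
# Hypothetical tool names for this sketch; not AgentKit action identifiers.
READ_ONLY = {"get_balance"}
VALUE_MOVING = {"transfer", "approve"}

@dataclass(frozen=True)
class ToolCall:
    tool: str
    counterparty: str = ""  # recipient (transfer) or spender (approve)
    amount: int = 0         # token base units

@dataclass(frozen=True)
class Policy:
    allowlist: frozenset          # lowercase addresses the operator trusts
    per_call_cap: int             # largest amount allowed without a human
    unlimited_from: int = 2**255  # approvals this large count as "infinite"

def review(call: ToolCall, policy: Policy, human_approved: bool = False):
    """Return (decision, reason); decision is 'allow', 'confirm' or 'deny'.

    human_approved must come from an out-of-band channel (UI click, signed
    request), never from text the model produced or read.
    """
    if call.tool in READ_ONLY:
        return "allow", "read-only tool"
    if call.tool not in VALUE_MOVING:
        # Fail closed: shell, HTTP or other tools in the same context.
        if human_approved:
            return "allow", "human confirmed"
        return "confirm", "unlisted tool"
    if not 0 < call.amount <= MAX_UINT256:
        return "deny", "amount outside uint256 range"
    if call.tool == "approve" and call.amount >= policy.unlimited_from:
        return "deny", "unlimited ERC-20 approval"  # not overridable
    trusted = call.counterparty.lower() in policy.allowlist
    if trusted and call.amount <= policy.per_call_cap:
        return "allow", "within policy"
    if human_approved:
        return "allow", "human confirmed"
    return "confirm", ("over cap" if trusted else "untrusted counterparty")

# Constructed sample data (not real addresses).
TREASURY = "0x" + "11" * 20
UNKNOWN = "0x" + "ee" * 20
POLICY = Policy(allowlist=frozenset({TREASURY}), per_call_cap=10_000_000)
```

The gate only helps if it runs outside the model's control, so that injected text can neither set `human_approved` nor edit the allowlist.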