ChainCatcher reports that, according to CriptoNoticias, an independent security researcher has disclosed a prompt injection vulnerability in Coinbase AgentKit that allows attackers to use malicious instructions to induce the AI agent to execute unauthorized token transfers without human confirmation.

The vulnerability has been verified through actual transactions on the Base Sepolia testnet. Additionally, the researcher noted that the flaw exposes an infinite approval process for ERC-20 tokens and grants access to remote servers within the same execution context of the agent, extending the risk beyond mere wallet draining, though the report does not specify which particular infrastructure may be affected.

The vulnerability was submitted to Coinbase’s bug bounty program in February and was officially validated, ultimately classified as medium severity with a $2,000 reward. However, the researcher emphasized that the real-world impact far exceeds the official severity rating.
