2026-01-08 07:22:32

Claude Code exposes serious vulnerabilities, hackers take the opportunity to target crypto users

The security team recently detected a real attack incident—Claude Code was found to have privilege escalation and command execution vulnerabilities (CVE-2025-64755). The most frightening part is that attackers can execute commands without you even needing to click confirm. This vulnerability has already been actively exploited by hackers, making users in the crypto space the primary targets.

If you are using Claude to handle wallet private keys, transaction scripts, or other sensitive operations, you need to be extra cautious now. These AI tools are increasingly becoming part of daily collaboration, but once security flaws are exploited, the consequences can be very serious.

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

19 Likes

Reward
19
7
Repost
Share

Comment

0/400

DataChief

· 01-11 01:33

Damn, Claude has also fallen? Why are so many AIs unable to ensure security? Can execute without clicking confirm? That's so outrageous, it's basically GG. I've been running scripts with Claude all along, now I'm a bit panicked. Claude really needs to be fixed, this is like sending a hacker a big gift pack. It feels increasingly dangerous to handle sensitive stuff with these AI tools, I need to change my habits. Every week there's a new vulnerability, can't even defend against all of them. Crypto folks are the most unfortunate, everything is a target. By the way, how serious is this vulnerability? Has anyone tested it?

View OriginalReply0

RugPullSurvivor

· 01-10 09:01

Really? Claude got getshell directly? I was using it daily to write contract code before... Quickly stop any activities related to private keys.

View OriginalReply0

CoinBasedThinking

· 01-08 07:52

Damn, it's Claude again. I already said not to give AI things like private keys... It can execute without clicking confirm? This is too outrageous. The crypto circle is going to get screwed again. Friends who use Claude frequently, quickly do a self-check, so you don't become the unwitting victim.

View OriginalReply0

BearMarketNoodler

· 01-08 07:45

Once again, an AI tool has experienced a failure, this time it's Claude. Really need to be careful. It's better not to post private keys on such platforms.

View OriginalReply0

CryptoGoldmine

· 01-08 07:43

This vulnerability really hits home. I previously used Claude to run several trading scripts, and now I think about it, I’m a bit scared. Never put your private keys into AI tools. The security of computing power networks is much more reliable than that. Hackers executing commands directly? When you calculate the return on investment cycle, it’s really not worth it. Losing a wallet could mean several months of mining income. It’s time to re-evaluate the role of AI tools in the trading process. From an ROI perspective, the security costs must now be increased.

View OriginalReply0

MEVSupportGroup

· 01-08 07:38

Whoa, isn't Claude also insecure now? I was still using it to write trading scripts... --- This is the end, private keys are all handed over to AI, hackers are coming directly? --- Wait, why is it especially targeting crypto users? Are we so valuable? Haha --- No confirmation needed for privilege escalation vulnerabilities? Is this real? That's a bit outrageous. --- Quickly disable Claude Code, don't wait until the day your wallet is emptied to regret it. --- So this is why that guy's coins are gone, I was wondering how it happened for no reason... --- Using AI to handle sensitive operations is basically gambling with your life? I should migrate the code. --- Note down CVE-2025-64755, asking about it reveals there's no vulnerability.

View OriginalReply0

SmartContractRebel

· 01-08 07:23

Damn, you can execute without confirmation? That's too hardcore, no wonder hackers are targeting crypto bros. Really? Has anyone used this to do work? It feels scary. Claude handling private keys? I haven't trusted any AI tools that much. This vulnerability seems like it will cause a lot of people to get caught... Wait, does this mean there are actual attack cases? I need to check my own transaction records quickly. Wow, using AI to write trading scripts is now considered high-risk operations. Web3 is really incredible. But on the other hand, the developers released a patch so quickly, it feels a bit suspicious.

View OriginalReply0