The prompt injection vulnerability in Coinbase AgentKit has been addressed, but the actual impact has been significantly underestimated
According to CriptoNoticias, an independent security researcher disclosed a prompt injection vulnerability in Coinbase AgentKit, allowing attackers to induce the AI agent to execute unauthorized token transfers through malicious commands, without the need for human confirmation.
The vulnerability has been validated through actual transactions on the Base Sepolia test network. The researcher also pointed out that the vulnerability exposes unlimited ("infinite") ERC-20 token approvals, as well as access to remote servers within the agent's execution context, which extends the risk beyond wallet depletion. However, the report did not detail which specific infrastructure might be affected.
The vulnerability was submitted to the Coinbase bug bounty program in February and was officially validated. It was ultimately classified as medium severity, and a bounty of $2,000 was paid. However, the researcher emphasized that the actual impact of the vulnerability is far greater than the official rating.
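The two gaps the report describes, transfers executed without human confirmation and unlimited ERC-20 approvals, are the kind of thing a policy gate between the model and the wallet is meant to catch. The sketch below is an added example, not AgentKit code and not Coinbase's fix; the tool names, the `ToolCall` shape and the allowlist are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1  # value commonly used for an "unlimited" ERC-20 allowance

# Hypothetical tool names (assumption); not AgentKit's real action identifiers.
VALUE_MOVING_TOOLS = {"transfer", "erc20_approve"}


@dataclass(frozen=True)
class ToolCall:
    """A tool invocation proposed by the model (constructed shape)."""
    tool: str
    args: dict
    confirmed_by_human: bool = False  # set only by the operator UI, never by the model


def evaluate(call: ToolCall, approval_cap: int, allowed: set[str]) -> tuple[bool, str]:
    """Return (allowed, reason) for a proposed tool call.

    The decision uses only structured arguments and operator-controlled
    state, so text injected into the prompt cannot talk its way past it.
    `allowed` holds lowercase recipient/spender addresses.
    """
    if call.tool not in VALUE_MOVING_TOOLS:
        return True, "non-financial tool"

    try:
        amount = int(call.args["amount"])
    except (KeyError, ValueError, TypeError):
        return False, "missing or non-integer amount"
    if amount <= 0:
        return False, "non-positive amount"

    if call.tool == "erc20_approve":
        if amount >= MAX_UINT256:
            return False, "unlimited ERC-20 approval refused"
        if amount > approval_cap:
            return False, "approval exceeds configured cap"

    target = str(call.args.get("to") or call.args.get("spender") or "").lower()
    if target not in allowed:
        return False, "recipient or spender not on allowlist"

    if not call.confirmed_by_human:
        return False, "human confirmation required"
    return True, "allowed"
```

The gate runs outside the model's context, so the confirmation flag and the allowlist have to come from the operator's side of the system rather than from anything the agent can write.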