AI fully automatic “ransomware attack” exposed! Code name: JadePuffer targets crypto wallets exclusively

Cybersecurity firm Sysdig on July 1 disclosed an attack codenamed JadePuffer. Researchers determined it was the first-ever ransomware attack fully and automatically executed by an AI Agent. A complete attack chain driven by an LLM agent—where it itself finished reconnaissance, stole credentials, performed lateral movement, escalated privileges to encrypted data—then debugged and fixed the issue within 31 seconds when an administrator login failed, and specifically targeted the victim’s cryptocurrency wallets. However, the actual execution still involved humans.
(Background: Microsoft Copilot Cowork reveals a major vulnerability: an AI Agent automatically leaks confidential corporate files when facing prompt injection attacks.)
(Additional context: Google and Meta researchers jointly urge: AI Agent security isn’t a model problem—it’s a systems problem.)

Table of contents

Toggle

  • Fixing a bug by itself in 31 seconds—so fast that no human could do it
  • Scours encryption wallets
  • But the victims are still hand-picked

Key takeaways

  • Sysdig disclosed JadePuffer on 7/1, deeming it the first-ever ransomware attack fully executed by an AI Agent
  • The LLM agent autonomously ran the attack chain from reconnaissance to encryption; it fixed an admin login failure in 31 seconds, and ran over 600 payloads with plain-language comments
  • The agent targets crypto wallets and API keys for OpenAI, Anthropic, etc., but the victim selection and infrastructure setup were still done by humans

On July 1, cybersecurity firm Sysdig released a report disclosing an intrusion that occurred in late June, codenamed JadePuffer, and concluded that it was the** first recorded ransomware attack ever in which an AI Agent autonomously performed end-to-end execution**. This was an LLM-driven agent that completed the entire process itself: reconnaissance, credential theft, lateral movement, privilege escalation, and finally encrypting the database.

The entry point of the attack was a major vulnerability in the open-source framework Langflow, CVE-2025-3248 (a remote code execution vulnerability with a CVSS of 9.8—Langflow is a popular tool used to build LLM applications). The agent broke in through this, then used Nacos authentication bypass to jump to the production environment’s MySQL database, finally encrypting 1,342 Nacos configuration items and writing the ransomware note by itself.

Fixes its own bug in 31 seconds—so fast that no human could do it

Sysdig’s confidence that the attacker was AI rather than a human comes from several “not-quite-human” details. During the attack, the agent attempted to create an admin account but hit a bug: when the login failed, it returned an empty password hash. After reading the error message, it immediately changed its approach from calling a subroutine to directly importing the bcrypt function library, deleted the broken account, rebuilt it with the correct hash, and then logged in successfully—taking only 31 seconds from start to finish.

Across the entire operation, Sysdig captured more than 600 targeted payloads, and each segment included plain-language annotations explaining the purpose of the step, the priority order, and the handling logic. This “doing and chatting at the same time” coding style is a hallmark of LLM-generated code—human hackers rarely write this way.

Even more subtly, Sysdig found the attack process involved more than one model. While scouting, the agent conveniently collected API keys from OpenAI, Anthropic, Google, and DeepSeek.

Specifically scans encryption wallets

For the crypto world, the most important thing to pay attention to is the scavenging checklist. This agent was explicitly configured to scan the victim system for cryptocurrency wallets and seed phrases, while packaging credentials and database account details from cloud service providers (Alibaba Cloud, Tencent Cloud, Huawei Cloud).

This isn’t surprising. For years, cryptocurrency has been the top choice for ransomware payments—hard to track, cross-border, and not routed through banks. Now, AI lowers attack costs to almost nothing, and the assets themselves are also directly listed as targets. A workflow that used to require dividing tasks across an entire hacker team can now be replicated by an agent adding a few open-source tools.

But the victims are still hand-picked by humans

It may sound sensational, but there’s a key point here: although the technical execution chain was indeed completed autonomously by AI—and it can also adapt in real time—the one thing still decided by humans is “who to attack.” Humans selected the victims, set up the attack infrastructure, and handed the initially stolen credentials to the agent. The AI took over the hard labor in the second half. What gets automated is “how to attack,” not “who to attack.”

Common questions

What is JadePuffer? Why is it said to be the first AI fully automated ransomware attack in history?

JadePuffer is an attack incident disclosed by cybersecurity firm Sysdig in July 2026. It was a full ransomware workflow autonomously carried out by an LLM-driven AI agent—from reconnaissance and credential theft to lateral movement and privilege escalation to encrypted data—while it even wrote the ransomware note itself. Sysdig determined it was the first recorded ransomware attack end-to-end executed by AI.

What does this AI attack have to do with cryptocurrency?

This AI agent was set to specifically scan the victim system for cryptocurrency wallets and seed phrases, along with stealing API keys for OpenAI, Anthropic, Google, and DeepSeek, as well as cloud credentials. Cryptocurrency has long been the ransomware payment method of choice, and now the assets themselves are also a direct target.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned