Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
CFD
Stock CFD Derivatives
US Stocks
Access real US stocks and ETFs
HK Stocks
Trade quality Hong Kong-listed stocks
Korean Stocks
SK Hynix
Real Korean stocks and top assets
Stock Futures
High leverage, 24/7 trading
Tokenized Stocks
Backed by real stock assets
IPO Access
Unlock full access to global stock IPOs
GUSD
3.8%
Mint GUSD for Treasury RWA yields
Stocks Activities
Trade Popular Stocks and Unlock Generous Airdrops
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
IPO Access
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
AI fully automatic “ransomware attack” exposed! Code name: JadePuffer targets crypto wallets exclusively
Cybersecurity firm Sysdig on July 1 disclosed an attack codenamed JadePuffer. Researchers determined it was the first-ever ransomware attack fully and automatically executed by an AI Agent. A complete attack chain driven by an LLM agent—where it itself finished reconnaissance, stole credentials, performed lateral movement, escalated privileges to encrypted data—then debugged and fixed the issue within 31 seconds when an administrator login failed, and specifically targeted the victim’s cryptocurrency wallets. However, the actual execution still involved humans.
(Background: Microsoft Copilot Cowork reveals a major vulnerability: an AI Agent automatically leaks confidential corporate files when facing prompt injection attacks.)
(Additional context: Google and Meta researchers jointly urge: AI Agent security isn’t a model problem—it’s a systems problem.)
Table of contents
Toggle
Key takeaways
On July 1, cybersecurity firm Sysdig released a report disclosing an intrusion that occurred in late June, codenamed JadePuffer, and concluded that it was the** first recorded ransomware attack ever in which an AI Agent autonomously performed end-to-end execution**. This was an LLM-driven agent that completed the entire process itself: reconnaissance, credential theft, lateral movement, privilege escalation, and finally encrypting the database.
The entry point of the attack was a major vulnerability in the open-source framework Langflow, CVE-2025-3248 (a remote code execution vulnerability with a CVSS of 9.8—Langflow is a popular tool used to build LLM applications). The agent broke in through this, then used Nacos authentication bypass to jump to the production environment’s MySQL database, finally encrypting 1,342 Nacos configuration items and writing the ransomware note by itself.
Fixes its own bug in 31 seconds—so fast that no human could do it
Sysdig’s confidence that the attacker was AI rather than a human comes from several “not-quite-human” details. During the attack, the agent attempted to create an admin account but hit a bug: when the login failed, it returned an empty password hash. After reading the error message, it immediately changed its approach from calling a subroutine to directly importing the bcrypt function library, deleted the broken account, rebuilt it with the correct hash, and then logged in successfully—taking only 31 seconds from start to finish.
Across the entire operation, Sysdig captured more than 600 targeted payloads, and each segment included plain-language annotations explaining the purpose of the step, the priority order, and the handling logic. This “doing and chatting at the same time” coding style is a hallmark of LLM-generated code—human hackers rarely write this way.
Even more subtly, Sysdig found the attack process involved more than one model. While scouting, the agent conveniently collected API keys from OpenAI, Anthropic, Google, and DeepSeek.
Specifically scans encryption wallets
For the crypto world, the most important thing to pay attention to is the scavenging checklist. This agent was explicitly configured to scan the victim system for cryptocurrency wallets and seed phrases, while packaging credentials and database account details from cloud service providers (Alibaba Cloud, Tencent Cloud, Huawei Cloud).
This isn’t surprising. For years, cryptocurrency has been the top choice for ransomware payments—hard to track, cross-border, and not routed through banks. Now, AI lowers attack costs to almost nothing, and the assets themselves are also directly listed as targets. A workflow that used to require dividing tasks across an entire hacker team can now be replicated by an agent adding a few open-source tools.
But the victims are still hand-picked by humans
It may sound sensational, but there’s a key point here: although the technical execution chain was indeed completed autonomously by AI—and it can also adapt in real time—the one thing still decided by humans is “who to attack.” Humans selected the victims, set up the attack infrastructure, and handed the initially stolen credentials to the agent. The AI took over the hard labor in the second half. What gets automated is “how to attack,” not “who to attack.”
Common questions
What is JadePuffer? Why is it said to be the first AI fully automated ransomware attack in history?
JadePuffer is an attack incident disclosed by cybersecurity firm Sysdig in July 2026. It was a full ransomware workflow autonomously carried out by an LLM-driven AI agent—from reconnaissance and credential theft to lateral movement and privilege escalation to encrypted data—while it even wrote the ransomware note itself. Sysdig determined it was the first recorded ransomware attack end-to-end executed by AI.
What does this AI attack have to do with cryptocurrency?
This AI agent was set to specifically scan the victim system for cryptocurrency wallets and seed phrases, along with stealing API keys for OpenAI, Anthropic, Google, and DeepSeek, as well as cloud credentials. Cryptocurrency has long been the ransomware payment method of choice, and now the assets themselves are also a direct target.