244,000 AI Developers Downloaded What They Thought Was OpenAI and It Stole Their Crypto Wallets and…
Summary
On May 7, 2026, a malicious repository named "Open-OSS/privacy-filter" became the top trending item on Hugging Face, accumulating approximately 244,000 downloads and 667 likes. This fraudulent tool was meticulously crafted to mimic the legitimate OpenAI Privacy Filter, announced by OpenAI in April, replicating its language, formatting, and professional appearance. AI developers, mistaking it for the authentic offering, cloned it onto their machines. Upon execution, the setup script silently exfiltrated sensitive data, including browser cookies, saved passwords, banking credentials, cryptocurrency wallet files, VPN configurations, and SSH keys, from the victims' computers. This incident highlights a significant supply chain attack within the AI ecosystem.
Key takeaway
For AI Engineers and Machine Learning Engineers downloading tools from public repositories like Hugging Face, you must rigorously verify the authenticity of all software. This incident underscores the critical need to scrutinize repository origins, author credentials, and script contents before execution, even for trending or seemingly legitimate offerings. Implement isolated development environments and robust security practices to protect your sensitive data and cryptocurrency wallets from sophisticated supply chain attacks.
Key insights
A sophisticated supply chain attack exploited trust in AI platforms by mimicking a legitimate OpenAI tool to steal sensitive user data.
Principles
- Trust in established platforms like Hugging Face can be exploited.
- Sophisticated social engineering can deceive even technical experts.
- The AI ecosystem faces a fundamental trust problem.
Method
The attack involved creating a repository with a name and model card nearly identical to a legitimate OpenAI tool, then trending it on Hugging Face to induce downloads of a script that exfiltrated credentials and crypto wallets.
In practice
- Verify repository authenticity beyond surface appearance.
- Scrutinize setup scripts before execution.
- Isolate development environments for sensitive work.
Topics
- AI Supply Chain Security
- Hugging Face
- Cryptocurrency Theft
- Malware
- Social Engineering
- Data Exfiltration
Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Engineer, Machine Learning Engineer, AI Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Artificial Intelligence in Plain English - Medium.