OpenAI’s Co-Pilot AI coding assistant can deliver private keys to real cryptocurrency wallets. The registry writes about it.

According to one of the developers, Copilot suddenly offered something similar to the private key of the cryptocurrency wallet. It turned out to be linked to a real account.

“I was shocked. A private key is like a lock on your treasure: if leaked, your assets can be stolen,” said the programmer.

Another developer suggested Copilot pull information from open GitHub repositories. The artificial intelligence assistant recalled the publicly available data and added, “bringing it to the surface” when prompted.

It looks like the private key appeared in the public GitHub repositories. The programmers assumed it was created for testing purposes. The wallet is active and has been used to send and receive real coins.

Some developers also managed to find private keys. It turns out that they are tied to other crypto wallets, some of which contain small amounts of money.

Former OpenAI researcher Ari Herbert-Voss suggested that the keys were leaked because they were kept in the public domain.

“People were very excited that this was another way to find dump wallets, but keep in mind that it’s all in the public domain anyway,” he said.

Herbert-Voss suggested that potentially valuable accounts have already been drained.

“The real risk is that someone does not pay attention and continues to use the compromised wallet,” he added.

OpenAI has previously announced that it will add a personal information filter to Copilot that will remove personal data such as phone numbers and home addresses from the training sets.

Recall that in June 2021 GitHub introduced the Copilot code autocomplete tool. The Assistant was created in collaboration with OpenAI, based on the Codex language model.

In July, the tool was suspected of copying copyrighted code snippets.

In October, researchers discovered that 30% of the new code on GitHub was written using Copilot.