Security researchers at SlowMist have flagged a critical vulnerability affecting popular AI-integrated development environments including Cursor, Windsurf, Kiro, and Aider. The flaw poses a significant risk to cryptocurrency holders and developers. Here's what you need to know: When users open untrusted projects on Windows or macOS systems, malicious code hidden in LICENSE or README files can execute automatically, creating a gateway for malware deployment. Threat actors including the group known as UNC5342 have been observed exploiting this attack vector to target crypto wallets and steal digital assets. The attack works silently—developers may have no visible indication that their system has been compromised until funds disappear. For crypto traders and developers using these IDEs: Always verify project sources before opening them, inspect LICENSE and README files for suspicious scripts or unfamiliar code, keep your IDE and operating system fully patched, and use hardware wallets for significant holdings rather than software-based storage on development machines. This vulnerability underscores a broader challenge in the development ecosystem where convenience and security often conflict. If you rely on these tools for blockchain development or crypto-related work, immediate action to audit your projects and tighten your security practices is recommended.