Security Alert: Critical Cursor AI Flaw Exposes Crypto Devs to One-Click RCE

The Hook

A critical security oversight in Cursor, the rapidly growing AI-powered code editor, has left cryptocurrency developers exposed to remote code execution (RCE) attacks. Research from Oasis Security reveals that Cursor ships with its "Workspace Trust" feature disabled by default, a deviation from VS Code’s security standards that allows malicious code to execute the moment a developer opens a compromised folder.

This is not a theoretical bug; it is a live supply-chain vector. Developers holding private keys, cloud credentials, or access to protocol governance can be compromised without running a build command or installing a package.

The Mechanism: .vscode/tasks.json

The attack relies on how Cursor handles task automation. In standard VS Code, "Workspace Trust" blocks automated tasks in untrusted folders. Cursor’s default configuration bypasses this check.

Attackers can weaponize this by embedding a malicious .vscode/tasks.json file in a repository, containing a task configured with "runOn": "folderOpen". The result is silent and immediate:

"A malicious .vscode/tasks.json turns a casual ‘open folder’ into silent code execution in the user’s context. [This allows attackers] to steal secrets, modify files, or phone home from your machine," according to Oasis Security Research.

For a crypto developer, the "user’s context" often includes unencrypted .env files, SSH keys for validator nodes, and hot wallet private keys.

The Institutional Risk

This vulnerability represents a significant asymmetry in risk. While protocol audits focus on smart contracts, the development environment itself remains a soft target. A single compromised laptop can serve as a bridgehead for attackers to pivot into CI/CD pipelines or inject backdoors into decentralized applications (dApps) before they are even deployed.

The flaw is particularly dangerous for open-source contributors who frequently clone and inspect third-party repositories. A legitimate-looking repo could trigger a payload simply by being viewed in Cursor.

Immediate Mitigation

The fix requires manual intervention. Cursor users must explicitly enable Workspace Trust in their settings to prevent unauthorized task execution. Security teams should also treat .vscode configurations in third-party repositories as untrusted code and audit them before opening in any editor.

About the Author

James Chatfield, Senior News Editor

I lead the editorial team covering digital assets and blockchain regulation at CryptoWatchDaily. After earning a Journalism degree from The University of Sheffield, I spent a decade reporting on traditional finance before shifting focus to crypto. I value accuracy and clarity over hype. When I’m not tracking market movements, I enjoy distance running and collecting vintage sci-fi novels.
