Oalabs catch hacker using Claude for black hat, but exposed resume from prompts
Oalabs researchers discovered a hacker abusing Anthropic's Claude AI model for malicious activities including exploit development, cryptocurrency theft, and access brokering. However, the hacker's operational security failure led to a personal resume being included in the prompts, thus exposing their identity.
Overview
Policy Violations
Stealing Claude
Operational Security Failure
Agentic Hacking
Prompt Workflow
N-Day Exploit Development
Monetization
Bitcoin Wallet Theft
Access Broker Research
Conclusion
Appendix A - Post Compromise Timeline