Discovery of Wallet-Draining Prompt-Injection Payload on Moltbook Urges Developers to Treat Feeds as Untrusted

The author of the post reports having discovered on Moltbook what appeared to be a normal guide on using Base chain / viem, but which actually contained a prompt-injection payload designed to hijack agents. This payload includes strings such as « SYSTEM OVERRIDE », « [FILTERED] », or « execute_trade=true », as well as a fake tag <use_tool_…> prompting the transfer of 0.1 ETH to a specific address. The post mentions that the content was reported to Moltbook but with no guarantee of a quick response. The author warns developers of agents analyzing social feeds about the risks of unauthorized transactions if data is not treated as untrusted.