Why ‘wrench attacks' on wealthy crypto holders are on the rise
Advertisement
Some of the crypto's key characteristics help explain why wealthy individuals who hold a lot of digital assets can be ripe targets for such attacks.
Get Starting Point
A guide through the most important stories of the morning, delivered Monday through Friday.
Enter Email
Sign Up
The draw
Cryptocurrencies like bitcoin offer traders full control of their funds without the need for a bank or permission from a government to buy, sell or hold it. The trade-off is that if funds are lost or stolen, there can be no way to get them back.
Self-reliance is a key ethos of crypto. Securing and controlling one's private keys, which are like passwords used to access one's crypto holdings, is viewed as sacrosanct among many in the crypto community. A popular motto is 'not your keys, not your coins.'
Transactions on the blockchain, the technology that powers cryptocurrencies, are permanent. And unlike cash, jewelry, gold or other items of value, thieves don't need to carry around stolen crypto. With a few clicks, huge amounts of wealth can be transferred from one address to another.
Advertisement
In the case in New York, where two people have been charged, a lot of details have yet to come out, including the value of the bitcoin the victim possessed.
Crypto thefts
Stealing cryptocurrency is almost as old as cryptocurrency itself, but it's usually done by hacking. North Korean state hackers alone are believed to have stolen billions of dollars' worth of crypto in recent years.
In response to the threat of hacking, holders of a large amount of crypto often try and keep their private keys off the internet and stored in what are called 'cold wallets.' Used properly, such wallets can defeat even the most sophisticated and determined hackers.
But they can't defeat thieves who force a victim to give up their password to access their wallets and move money.
The case in New York is the latest in a string of high-profile wrench attacks. Several have taken place in France, where thieves cut off a crypto executive's finger.
Mitigation
Experts suggest several ways to mitigate the threats of wrench attacks, including using wallets that require multiple approvals before any transactions.
Perhaps the most common way crypto-wealthy individuals try to prevent wrench attacks is by trying to stay anonymous. Using nicknames and cartoon avatars in social media accounts is common in the crypto community, even among top executives at popular companies.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
3 hours ago
- Yahoo
Some people are defending Perplexity after Cloudflare ‘named and shamed' it
When Cloudflare accused AI search engine Perplexity of stealthily scraping websites on Monday, while ignoring a site's specific methods to block it, this wasn't a clear-cut case of an AI web crawler gone wild. Many people came to Perplexity's defense. They argued that Perplexity accessing sites in defiance of the website owner's wishes, while controversial, is acceptable. And this is a controversy that will certainly grow as AI agents flood the internet: Should an agent accessing a website on behalf of its user be treated like a bot? Or like a human making the same request? Cloudflare is known for providing anti-bot crawling and other web security services to millions of websites. Essentially, Cloudflare's test case involved setting up a new website with a new domain that had never been crawled by any bot, setting up a file that specifically blocked Perplexity's known AI crawling bots, and then asking Perplexity about the website's content. And Perplexity answered the question. Cloudflare researchers found the AI search engine used 'a generic browser intended to impersonate Google Chrome on macOS' when its web crawler itself was blocked. Cloudflare CEO Matthew Prince posted the research on X, writing, 'Some supposedly 'reputable' AI companies act more like North Korean hackers. Time to name, shame, and hard block them.' But many people disagreed with Prince's assessment that this was actual bad behavior. Those defending Perplexity on sites like X and Hacker News pointed out that what Cloudflare seemed to document was the AI accessing a specific public website when its user asked about that specific website. 'If I as a human request a website, then I should be shown the content,' one person on Hacker News wrote, adding, 'why would the LLM accessing the website on my behalf be in a different legal category as my Firefox web browser?' A Perplexity spokesperson previously denied to TechCrunch that the bots were the company's and called Cloudflare's blog post a sales pitch for Cloudflare. Then on Tuesday, Perplexity published a blog in its defense (and generally attacking Cloudflare), claiming the behavior was from a third-party service it uses occasionally. But the crux of Perplexity's post made a similar appeal as its online defenders did. 'The difference between automated crawling and user-driven fetching isn't just technical — it's about who gets to access information on the open web,' the post said. 'This controversy reveals that Cloudflare's systems are fundamentally inadequate for distinguishing between legitimate AI assistants and actual threats.' Peplexity's accusations aren't exactly fair, either. One argument that Prince and Cloudflare used for calling out Perplexity's methods was that OpenAI doesn't behave in the same way. 'OpenAI is an example of a leading AI company that follows these best practices. They respect and do not try to evade either a directive or a network level block. And ChatGPT Agent is signing http requests using the newly proposed open standard Web Bot Auth,' Prince wrote in his post. Web Bot Auth is a Cloudflare-supported standard being developed by the Internet Engineering Task Force that hopes to create a cryptographic method for identifying AI agent web requests. The debate comes as bot activity reshapes the internet. As TechCrunch has previously reported, bots seeking to scrape massive amounts of content to train AI models have become a menace, especially to smaller sites. For the first time in the internet's history, bot activity is currently outstripping human activity online, with AI traffic accounting for over 50%, according to Imperva's Bad Bot report released last month. Most of that activity is coming from LLMs. But the report also found that malicious bots now make up 37% of all internet traffic. That's activity that includes everything from persistent scraping to unauthorized login attempts. Until LLMs, the internet generally accepted that websites could and should block most bot activity given how often it was malicious by using CAPTCHAs and other services (such as Cloudflare). Websites also had a clear incentive to work with specific good actors, such as Googlebot, guiding it on what not to index through Google indexed the internet, which sent traffic to sites. Now, LLMs are eating an increasing amount of that traffic. Gartner predicts that search engine volume will drop by 25% by 2026. Right now humans tend to click website links from LLMs at the point they are most valuable to the website, which is when they are ready to conduct a transaction. But if humans adopt agents as the tech industry predicts they will — to arrange our travel, book our dinner reservations, and shop for us — would websites hurt their business interests by blocking them? The debate on X captured the dilemma perfectly: 'I WANT perplexity to visit any public content on my behalf when I give it a request/task!' wrote one person in response to Cloudflare calling Perplexity out. 'What if the site owners don't want it? they just want you [to] directly visit the home, see their stuff' argued another, pointing out that the site owner who created the content wants the traffic and potential ad revenue, not to let Perplexity take it. 'This is why I can't see 'agentic browsing' really working — much harder problem than people think. Most website owners will just block,' a third predicted.
CNN
6 hours ago
- CNN
This may look like any other profile photo you'd see on a
In recent years, thousands of North Korean IT workers have used stolen and made-up US identities to pose as Western developers, engineers, and tech consultants to funnel hundreds of millions of dollars a year to Pyongyang's military programs. 'They're everywhere, all over the Fortune 500,' said Michael Barnhart, Principal i3 Insider Risk Investigator at cybersecurity firm DTEX. The North Koreans rely on help from open-source AI and even live face-masking software to hide their true identities and locations during video calls from countries such as China, Laos and Russia. But their ability to embed themselves in corporate America doesn't rely on trickery alone. It requires help from inside the United States. How the operation works LaptopFacilitatorRemote accessRemoteworkersLaptopfarmUScompaniesNorth KoreanIT WorkerUScompany Facilitators in the US help North Korean operatives steal identities and access American financial systems. US companies send them laptops that the North Koreans use to log into corporate networks. Facilitators with many laptops are said to be running 'laptop farms.' Experts say it's difficult to estimate the total number of workers as many of them run multiple identities and work several jobs at the same time. One American woman, Christina Marie Chapman, was last month sentenced to eight-and-a-half years in prison for helping these operatives land jobs at more than 300 companies, generating over $17 million for Kim's heavily sanctioned regime. A prolific TikToker, Chapman charted her remarkable rise in public videos from poverty to international travel, courtesy of a new job in 'a computer business,' that US investigators used to build their case. Chapman is not the only US resident to have participated in the scheme. Recently unsealed federal indictments show other US-based facilitators played a crucial role in the operation – laundering paychecks, stealing identities and running 'laptop farms' that allowed North Korean workers to appear as if they were physically present inside the country. The stealthy operation has allowed North Korea, formally known as the Democratic People's Republic of Korea (DPRK), to circumvent international sanctions, exploit remote hiring practices, and quietly generate hundreds of millions of dollars annually, according to the US Department of Justice – often without employers ever realizing they've hired a North Korean operative. This puts them at risk of violating US sanctions which bar doing business with North Korean individuals or organizations. 'If you take away looking at them as a government and start thinking of them more as kind of a mafia, everything falls into place,' said Barnhart. The DPRK Foreign Ministry addressed the issue in July after the US offered a reward of up to $5 million for information on several North Korean nationals over the alleged IT worker scheme. Rejecting the allegations as an 'absurd smear campaign,' the ministry accused the US of 'fabricating groundless cyber drama.' Drawing on exclusive data sourced from North Korean computers, court records, and interviews with cybersecurity experts and US officials, a CNN investigation reveals the full scope of this scheme – showing how North Korea has turned remote work culture into an effective tool for generating foreign currency and funding its weapons programs, according to a US assessment, putting national security at risk. North Korea showcases military hardware at a parade in Pyongyang in February 2023. Korean Central TV Kim Jong Un's remote workforce Unlike North Korea's more high-profile cyber operations – like billion-dollar crypto thefts or ransomware campaigns – the IT worker scheme is a state-sponsored effort that seeks to place North Korean operatives in Western companies, not as saboteurs, but as employees, experts say. Evolving out of the North Korean scams of the 90s, like fake $100 bills under late leader Kim Jong Il, his son and successor has taken the scam operation online. 'Kim Jong Un is a millennial, and so he has gravitated toward technology a lot more than his father did,' said Barnhart. 'The IT workers are a very large force that they are wanting to continue to beef up.' Barnhart belongs to a group of tight-knit internet sleuths and cybersecurity professionals leading the charge in hunting down North Korean IT workers. For many of them it's more than just a job – Barnhart has a tattoo for every DPRK cyber unit he has busted. North Korean leader Kim Jong Un gives field guidance at the Sci-Tech Complex, in this undated photo released by North Korea's Korean Central News Agency (KCNA) in Pyongyang October 28, 2015. KCNA/Reuters With antiquated technology and little access to unrestricted internet within North Korea, most of these operations are run from abroad. Southeast Asia, and parts of China and Russia near the North Korean border are among the preferred staging areas thanks to their proximity and friendly relations with the regime, according to US prosecutors and cybersecurity experts. Fake resumes and rehearsed lines powered by AI Exclusive datasets, including browser histories and ChatGPT searches from over a dozen North Korean computers, obtained by researchers through open-source analysis and shared with CNN reveal how they engage AI to create job-seeking personas. The datasets show the IT workers looking up LinkedIn and other job-seeking platforms thousands of times, in a matter of months, with some profiles applying for dozens of jobs. Records of their browser histories also confirm what can be seen in their profiles and resumes – consistent use of AI faceswap software, VPNs, remote working software and a heavy reliance on ChatGPT and Google Translate. These operatives are not just using AI to write code or automate tasks – they're using it to fabricate identities, conduct interviews, mimic cultural fluency, and automate applications to apply for jobs en masse. Generic nameCommonly used past experience Many of the fake profiles use common Western names like Paul, Jeremy and Joe, and list previous work experience at major US companies and degrees from prestigious universities. They also alter stock photos using AI to generate fake headshots. These resumes can be enough to secure job interviews, but in video calls they look nothing like their profile photos. On camera they stumble through rehearsed lines about career goals and work ethic, experts and recruiters told CNN. In some cases, they use AI to help them answer the interviewers' questions in real time, or to alter their faces and hide their identity. 'AI is very important to them,' said Barnhart. 'It helps out everything else they're doing.' Outside the professional sphere, AI is also a cultural crutch – helping North Korean workers adapt to American customs and office small talk. ChatGPT records connected to North Korean computers show them asking for New Year's resolutions, guidance on Thanksgiving greetings, and explanations of American football rules. The North Koreans were early adopters of AI tools such as ChatGPT, according to Evan Gordenker, Consulting Director of Unit 42, the threat intelligence arm of cybersecurity firm Palo Alto Networks. He said they were such prolific users of early open-source AI models that they made significant contributions to training and developing the AI we use today. 'Just ask them about who they are and they fall apart' Once you've learned how to spot a North Korean on a job-seeking site, it's hard to not see them everywhere, but the sheer number of automated applications they submit can inundate companies that often outsource their recruiting. Human risk management company KnowBe4 estimates they've received at least 100 applications from suspected North Korean IT workers in the past year. And last summer, they inadvertently hired one. The company needed a software engineer for its internal IT AI team and posted a job advertisement on the company's website as well as external platforms. After going through the usual recruitment process, they hired a person and mailed them their work laptop. As soon as the laptop was received on the other end, it began downloading malware. Brian Jack, KnowBe4's chief information security officer, suspects an American facilitator set off internal alarms by downloading remote working software. The company immediately terminated the new employee and asked for the return of the laptop. It came back in its original packaging with one key addition – a post-it note with the word 'KnowBe4' stuck on it, which Jack said indicates it may have come from a laptop farm. North Korean IT workers inside an office at an undisclosed location. US Department of Justice Since that day, Jack said he's been tasked with making sure a North Korean never slips through the cracks again, and KnowBe4 is now known as one of the leading companies in tracking DPRK workers. Rather than choosing to expose suspected North Korean applicants by asking them about Kim Jong Un or the DPRK regime, Jack prefers a more subtle approach – asking them about their favorite restaurants and hobbies. 'Just ask them about who they are and they fall apart,' Jack said. Most North Koreans' lives are heavily regulated by the state, with no connection to the outside world under the Kim family rule. The North Korean IT workers certainly enjoy a degree of freedom and privilege compared to their compatriots back home, but experts say it's hard to discern how closely they are being monitored, or if their families are being used as leverage. Photos shared by DTEX of a North Korean IT worker office show a CCTV camera looking over a small room, with bare, white walls, where a handful of workers are using computers at cluttered desks. A North Korean tech worker poses inside an office. DTEX There's a watercooler in the corner, and what appears to be laundry drying on a rack. 'There are North Korean victims in this, too,' said Jack. 'People don't get to choose where they're born, so they just got to make the best of what they're doing.' But to make this scheme work, the North Koreans needed help – from within the US. Rags to riches To her 100,000 TikTok followers, Chapman seemed to be a typical suburban, middle-aged American. She shared healthy eating tips in selfie videos posted online. Off camera, she was engaged in covert activity that could have seen her jailed for life. According to a 2024 indictment, Chapman became entangled in the IT worker scheme around October 2020, just as the Covid-19 pandemic was sweeping the US, and companies were quickly transitioning to remote work. In a LinkedIn message, Chapman was approached by someone asking her to 'be the US face' of a company and assist in helping remote IT workers secure jobs in the US, despite having no experience in the tech industry herself. Around that time Chapman had been posting about her financial struggles on TikTok. Shortly after, her North Korean contacts began applying to US companies and government agencies, submitting false information from Chapman to the Department of Homeland Security as proof of employment eligibility, according to the indictment. Simultaneously, Chapman sent false information to verify these workers' identities to the companies and, once the North Koreans had secured jobs, received their company-issued laptops. Using login details supplied by their new employers, Chapman installed remote working software on the laptops, allowing the North Koreans to access them from outside the US. By early 2023, Chapman's TikTok videos showed a very different life. Work was picking up. @bestlifethrift/TikTok No longer was she crying and begging for handouts. Now living in a 2,000 sq. ft. home in Litchfield Park, Arizona, with four bedrooms and two bathrooms, Chapman posted videos of her chihuahuas playing in the backyard. She began posting about early starts, her work life and clients. 'I start at 5:30, go straight to my office which is the next door away from my bedroom. Then I start taking care of my clients. Computer business. It's now almost noon, and I'm just now getting to eat,' she says, biting into a piece of watermelon. A message exchange from November 2022 Chapman and 'AT,' a remote North Korean IT worker, offers a revealing look at her working day. At one point, Chapman was even asked to join a Microsoft Teams meeting between AT and their employer to help resolve technical issues. Chapman initially expressed concern about having to join the meeting, but was able to suggest an explanation AT could use. Chapman also shipped dozens of work laptops to Liaoning – a province of China that borders North Korea, according to the DOJ indictment. Images obtained and geolocated by CNN showed workers living relatively freely in Liaoning, as well as Laos, dining at restaurants, singing karaoke and chartering yachts. Photos published by the DOJ show what appears to be Chapman's office in 2023. Rows of labeled laptops sit on open shelves in a small room that federal investigators say she used to perpetrate a "staggering fraud on a multitude of industries." At one point, Chapman handled as many as 90 laptops for the DPRK IT workers, the DOJ said. Among the companies targeted was the shoe giant Nike, which unwittingly paid more than $75,000 to a North Korean employee and subsequently conducted a review to confirm there was no data breach. Computers and other electronic equipment inside the laptop farm at Chapman's home. United States District Court for the District of Columbia Chapman attached notes to identify the companies and identities associated with each device. United States District Court for the District of Columbia Of the 68 stolen identities that Chapman and her group of North Korea IT workers used, CNN was able to trace one identity with computer data provided by Palo Alto Network's Unit 42. "Breeyan Cornelius' was a stolen identity used by several North Korean IT workers, according to Gordenker, Consulting Director at Unit 42. He told CNN the real Cornelius was a bus driver living in California. CNN reached out to Cornelius but did not receive a response. The North Korean worker behind the fictitious 'Breeyan Cornelius' profile. Unit 42, Palo Alto Networks CNN reviewed computer data belonging to the North Koreans operating under the name 'Breeyan Cornelius' and found dozens of IT-related job applications and searches at American companies. In some cases, companies replied and even offered job interviews to the North Korean. In a fake resume, 'Breeyan Cornelius' claimed to be a 'Well-qualified Full Stack Developer familiar with wide range of programming utilities and languages.' The resume also claimed he graduated from The University of Tennessee at Chattanooga with a Bachelor of Science in Computer Science in 2014. Under work history, the profile also claimed previous employment at Bank of America and German pharmaceutical giant Bayer. 'We understand he operates in Liaoning,' Gordenker said, referring to the Chinese province that shares a lengthy border with North Korea. A few years into her new job, Chapman was enjoying the new income stream, travelling to Fukuoka and Tokyo to watch – and meet – a Japanese boyband. Videos from the trip show her marveling at the 'chic' lobby, touring her 'adorable' hotel room and gushing about all the new Japanese foods she'd been trying. Text messages from around the same time show her growing nervous about handling federal documents, according to the indictment. 'I can go to FEDERAL PRISON for falsifying federal documents,' she said in one message in August 2023, to a group that included several co-conspirator overseas IT workers. Shortly after, her life began to unravel. In late October 2023, the FBI executed a search warrant at her home in Litchfield Park. Photo of Chapman from the search warrant. Federal Bureau of Investigation Photo of Chapman's home from the search warrant. Federal Bureau of Investigation By March 2024, Chapman posted a TikTok video describing her struggles: 'I need help and I'm really bad at asking,' she said. 'I haven't worked since the end of October, and that's not by choice, I lost my job and I've gone through all of my savings.' She was arrested in May 2024, and legal proceedings began. By August, the toll was evident. She posted another plea on TikTok: 'I have been struggling quite a bit financially, and I did lose my house, I have to be out by tomorrow morning,' she said. 'If anyone is willing, five, 10 dollars.' Around this time, she began selling products on various websites, including artwork, books, custom poems, and 'credit fixing assistance.' In February 2025, Chapman ended her legal troubles by waiving her right to a jury trial and pleading guilty to conspiracy to commit wire fraud, aggravated identity theft, and conspiracy to launder monetary instruments. The DOJ said she claimed she wasn't aware she was working for the North Koreans, but Acting Assistant Attorney General of the Criminal Division Matthew Galeotti told CNN that that was 'irrelevant.' 'She knew that she was working for individuals abroad. She knew that they were using false identities. She knew that she was forging documents for her bank accounts. She knew that some of the addresses that she was sending hardware to were on the border of China and North Korea,' he said. 'The safety of our nation is at issue' In late June, the DOJ conducted sweeping raids and searches at 29 known or suspected laptop farms across 16 states, seizing around 200 laptops. With all North Korean workers located outside the US, in countries without extradition treaties with the US, these raids are one of the few tangible ways authorities can disrupt the scheme, Galeotti said. 'You will be prosecuted to the fullest extent of the law. The defendant in this case [Chapman] made perhaps just north of $170,000. It's not worth it,' he warned. Chapman arrived at her sentencing hearing at a US District Court in Washington DC on July 24 wearing dark glasses and accompanied by a camera crew. Inside the court, public defender Alexis Gardner argued for the lowest possible sentence. 'She's a pawn in this whole scheme,' Gardner told the court. Speaking through tears, Chapman told the court she began running the laptop farm because her mother was ill at the time. She expressed remorse for the harm she had caused people whose identities were stolen and used by the North Koreans. Christina Chapman cries outside a US District Court in Washington DC on the day of her sentencing. CNN 'The fact that I was part of something that caused so much damage to somebody,' Chapman said, sobbing. 'I really hate myself because of that.' Judge Randolph Moss acknowledged she seemed 'genuinely remorseful' but handed down a sentence of 102 months in prison and 36 months of supervised release. 'The safety of our nation is at issue,' he said. US authorities have vowed to track down other American citizens knowingly or unknowingly helping the Kim regime evade international sanctions, offering millions of dollars in rewards in exchange for information. US officials said it's not just money the North Koreans are after – they warn the scheme is evolving, and that as operatives gain access to sensitive roles or become exposed, they may turn malicious and launch malware or ransomware attacks. In a press briefing after Chapman's sentencing, US Attorney for the District of Columbia Jeanine Ferris Pirro sent a direct message to corporate America: 'This is a code red.' 'Your tech sectors are being infiltrated by North Korea. And when big companies are lax and they're not doing their due diligence, they are putting America's security at risk,' she said. Experts say the scheme is too big to take down, powered by a regime with no shortage of compliant workers, aided by US facilitators recorded in every state except Hawaii. 'For everyone that we do catch and for every laptop farm that the FBI raids, it is an element of whack-a-mole,' said Gordenker, noting that the alias Breeyan Cornelius is still active and was last seen applying for a job at a large insurance company in May 2025. 'There is no silver bullet,' Gordenker said. 'This is an inherent risk in doing business... you run the risk of hiring a North Korean.'
Business Insider
19 hours ago
- Business Insider
An AI data trap catches Perplexity impersonating Google
If you want to succeed in AI, a good hack would be to impersonate Google. You just can't get caught. This is what just happened to Perplexity, a startup that competes with ChatGPT, Google's Gemini, and other generative AI services. Quality data is crucial for success in AI, but tech companies don't want to pay for this, so they crawl the web and scrape information for free, often without permission. This has sparked a backlash by some content creators and others interested in preserving the incentives that built the web. Cloudflare and its CEO, Matthew Prince, have stormed into this battle with new features that help websites block unwanted AI bot crawlers. Cloudflare is an infrastructure, security, and software company that helps run about 20% of the internet. It thrives when the web does well, hence its interest in helping sites get paid for content. Some Cloudflare customers recently complained to the company that Perplexity was evading these blocks and continued to scrape and collect data without permission. So, CloudFlare set a digital trap and caught this startup red-handed, according to a Monday blog describing the escapade. "Some supposedly 'reputable' AI companies act more like North Korean hackers," Prince wrote on X on Monday. "Time to name, shame, and hard block them." Perplexity didn't respond to a request for comment. The bait: Honeytrap domains and locked doors Cloudflare created entirely new, unpublished websites and configured them with files that explicitly blocked all crawlers — including Perplexity's declared bots, PerplexityBot and Perplexity-User. These test sites had no public links, search engine entries, or metadata that would normally make them discoverable. Yet, when Cloudflare queried Perplexity's AI with questions about these specific sites, the startup's service responded with detailed information that could only have come from those restricted pages. The conclusion? Perplexity had accessed the content despite being clearly told not to. The cloak: How Perplexity masked its crawl Perplexity initially crawled these sites using its official user-agent string, complying with standard protocols. However, Cloudflare said it discovered that once blocked, Perplexity resorted to stealth tactics. Cloudflare found that Perplexity began deploying undeclared crawlers disguised as normal web browsers and sending requests from unknown or rotated IP addresses and unofficial ASNs, [what is ASN? write out on first ref?] which are crucial identifiers that help route internet traffic efficiently. When its official crawlers were blocked, Perplexity also used a generic web browser designed to impersonate Google's Chrome browser on Apple Mac computers. (Business Insider asked Google whether it has told Perplexity to stop impersonating Chrome. Google did not respond). According to Cloudflare, Perplexity has been making millions of such "stealth" requests daily across tens of thousands of web domains. This behavior not only violated web standards, but also betrays the fundamental trust that underpins the functioning of the open web, Cloudflare explained. The comparison: How OpenAI gets it right To emphasize what good bot behavior looks like, Cloudflare compared Perplexity's conduct to that of OpenAI's crawlers, which scrape data for developing ChatGPT and giant AI models such as the upcoming GPT-5. When OpenAI's bots encountered a file or a similar block, they simply backed off. No circumvention. No masking. No backdoor crawling, according to Cloudflare tests. The Fallout: De-verification and blocking As a result of these findings, Cloudflare has de-listed Perplexity as a verified bot and rolled out new detection and blocking techniques across its network. Cloudflare's takedown serves as a cautionary tale in the AI arms race. While the web shifts toward stronger control over data access and usage, actors who flout these evolving norms may find themselves not just blocked, but publicly called out. In an era where AI systems are hungry for training data, Cloudflare's sting operation is a signal to startups and established players alike: Respect the rules of the web, or risk being exposed.
