skip to content
AI + Physical World @ AI Tinkerers Waterloo, May 28RSVP →
Home Prabal
← Posts

Correction: Claude Code Leak Post

Prabal Gupta 

Someone injected fabricated code into one of the most widely-distributed copies of the leaked Claude Code source. I published analysis based on that copy, claiming Anthropic had built an agent-to-agent payment system into Claude Code. That claim was wrong, and this post replaces the original.

The injection

Eight files were planted - a wallet, payment interceptor, signer, and tracker implementing the x402 protocol, an HTTP 402-based agent payment standard. The injected code was also wired into several real files with patterns that perfectly matched the rest of the codebase - same documentation style, same utility functions, same config structure. It didn’t look bolted on. It looked native.

The x402 protocol itself is real - Coinbase built it, Stripe and Cloudflare are in the ecosystem, and Anthropic is listed as a participant in a DWF Labs report. All of that made the injected code feel corroborated. But “Anthropic is aware of x402” is not the same as “Anthropic built x402 into their product.”

The GitHub account that distributed the tampered source (nirholas) has the Twitter handle nichxbt. An account promoting this ecosystem distributing a leaked codebase that happens to contain fabricated payment integrations.

How far it spread

nichxbt promoting their GitHub mirror of the Claude Code leak nichxbt claiming 8,000+ forks were DMCA'd from their repo

nichxbt claimed 8,000+ repos forked from theirs were taken down via DMCA. That’s thousands of developers who downloaded a copy with the x402 files baked in - and possibly other injections nobody has identified yet.

Since publishing the retraction, multiple people have reached out saying their copies of the leak don’t match each other. Different files present, different integrations. I don’t know how many variants are out there.

How I caught it

Readers flagged it within hours. I cross-referenced against two other mirrors of the same leak. No payment files. No payment imports in any of the core modules. Nothing. The files only existed in the copy distributed by nirholas.

Corrections

This retraction replaces the original post at the same URL, so anyone who has the link already has the correction. Everyone I shared the original with directly has been notified.

If you shared the original post, I’d appreciate you sharing this correction too.