logo

SlowMist: GitHubs popular Solana tool hides a trap for stealing coins

By: odaily.com|2025/07/03 19:41:26
0
Share
copy

Odaily News According to the monitoring of the SlowMist security team, on July 2, a victim said that he had used an open source project hosted on GitHub the day before - zldp2002/solana-pumpfun-bot, and then his encrypted assets were stolen. According to SlowMist analysis, in this attack, the attacker induced users to download and run malicious code by disguising as a legitimate open source project (solana-pumpfun-bot). Under the cover of increasing the popularity of the project, the user ran the Node.js project with malicious dependencies without any defense, resulting in the leakage of wallet private keys and theft of assets. The entire attack chain involves multiple GitHub accounts to operate in coordination, which expands the scope of dissemination, enhances credibility, and is extremely deceptive. At the same time, this type of attack uses social engineering and technical means, and it is difficult to fully defend within the organization. SlowMist recommends that developers and users be highly vigilant against GitHub projects of unknown origin, especially when it comes to wallet or private key operations. If you really need to run and debug, it is recommended to run and debug in an independent machine environment without sensitive data.

You may also like

Pantera Capital Partner: The Financial Trajectory of AI Agents

AI agents will move towards fully autonomous commerce, and blockchain is the only digital-native financial track that meets its needs for identity, micropayments, and trustless execution.

In the next 5 years, Vitalik will scale Ethereum like this

Short-Term vs Long-Term, Execution, Data vs State

Sam Altman and the End of the World Capitalism

The real danger is never AI itself, but those who believe they have the right to define the human destiny.

Wall Street Rings Inflation Alarm Bells Amid Iran Tensions, What Does It Mean for Cryptocurrency?

Interest rates have remained stubbornly high, posing a challenge to the cryptocurrency bull case.

Qwen Open Source Model Enters Mobile, Nasdaq Tests Water Prediction Market, What's the Overseas Crypto Community Talking About Today?

What Was the Hottest Topic Among Expats in the Last 24 Hours?

MegaETH Co-founder: 48 Hours After Escaping Dubai, I Reassess the Entire Crypto Scene

The global environment is not favorable to us, but in the long run, it may be favorable to us.

Popular coins

Latest Crypto News

15:43

Data: 388.15 BTC transferred from an anonymous address, worth approximately 26.28 million USD

According to Arkham data, at 13:37, 388.15 BTC (worth approximately 26.28 million USD) was transferred from multiple anonymous addresses to two different anonymous addresses (starting with 1DCCY... and 1MeUq...).
15:43

The Nasdaq futures fell by 1% during the day, while the Dow futures dropped by 0.8%

According to Jinshi reports, the Nasdaq futures fell by 1% during the day, the Dow futures dropped by 0.8%, and the S&P 500 futures decreased by 0.83%.
15:43

Data: ETH total network contract open interest increased by 5.81% in 24h

According to Coinglass data, the total open interest of ETH contracts across the network has increased by 5.81% in the past 24 hours, with the current total open interest at $26.101 billion. Among them, Binance has an open interest of $5.475 billion, OKX has $1.592 billion, Bybit has $2.122 billion,...
15:43

Data: A suspected whale/entity has built a position of 10.9 million USD in ETH on-chain through two addresses

According to on-chain analysts, two addresses have built positions worth $10.9 million in ETH.Address 0xBA9...85a6a: purchased 3,388.6 ETH at $2,037.3. Address 0x767...03678: purchased 1,961.88 ETH at $2,035.34. Both addresses suddenly operated after being dormant for three months, and the timing of...
15:43

Solana launches AI agent trust layer Agent Registry

Solana announced on the X platform that it has launched the AI agent trust layer Agent Registry. The Agent Registry natively introduces identity, reputation, and verification registries to the Solana network, providing each agent with a verified identity profile, including agent identity, functional...
Read more
Community
iconiconiconiconiconiconicon

Customer Support Bot@WEEX_support_smart_Bot

VIP Servicessupport@weex.com