SlowMist: GitHub's popular Solana tool hides a trap for stealing coins
Odaily News: According to monitoring by the SlowMist security team, on July 2 a victim reported that his crypto assets were stolen after he had used an open source project hosted on GitHub, zldp2002/solana-pumpfun-bot, the day before. According to SlowMist's analysis, the attacker disguised the repository as a legitimate open source project (solana-pumpfun-bot) to induce users to download and run malicious code. Under the cover of the project's boosted popularity, the user ran the Node.js project, which carried malicious dependencies, without any precautions, resulting in the leak of wallet private keys and the theft of assets. The entire attack chain involved multiple GitHub accounts operating in coordination, which widened its reach, enhanced its credibility, and made it extremely deceptive. Because this type of attack combines social engineering with technical means, it is also difficult to fully defend against within an organization. SlowMist recommends that developers and users be highly vigilant toward GitHub projects of unknown origin, especially where wallet or private key operations are involved. If such a project really must be run and debugged, do so in an isolated machine environment that holds no sensitive data.