SlowMist: GitHubs popular Solana tool hides a trap for stealing coins

By: odaily.com|2025/07/03 19:41:26

Odaily News According to the monitoring of the SlowMist security team, on July 2, a victim said that he had used an open source project hosted on GitHub the day before - zldp2002/solana-pumpfun-bot, and then his encrypted assets were stolen. According to SlowMist analysis, in this attack, the attacker induced users to download and run malicious code by disguising as a legitimate open source project (solana-pumpfun-bot). Under the cover of increasing the popularity of the project, the user ran the Node.js project with malicious dependencies without any defense, resulting in the leakage of wallet private keys and theft of assets. The entire attack chain involves multiple GitHub accounts to operate in coordination, which expands the scope of dissemination, enhances credibility, and is extremely deceptive. At the same time, this type of attack uses social engineering and technical means, and it is difficult to fully defend within the organization. SlowMist recommends that developers and users be highly vigilant against GitHub projects of unknown origin, especially when it comes to wallet or private key operations. If you really need to run and debug, it is recommended to run and debug in an independent machine environment without sensitive data.

1. On-chain Volume: $34.0M USD inflow to Hyperliquid today; $29.3M USD outflow from Arbitrum 2. Biggest Gainers and Losers: $FAI, $ARC 3. Top News: Today, the crypto market rebounded against the trend, with a macro hedge whale holding long positions in gold and silver and shorting crypto, resulting in a $500k USD loss for the day

Interpreting the Anthropic vs. War Department Conflict: What Does Trump Intend to Do?

In the coming decades, our freedom may be more fragile than we think

Nasdaq Moves In, Predicts Market Has Reached Mainstream Inflection Point

Predictive trading is no longer just an experiment in the crypto space or a niche market but is starting to be integrated into the product suite of traditional trading platforms.

After a 48-hour ban, Claude reached the top of the App Store

Just the day before, ChatGPT was sitting right there

If this is the beginning of the triple halving, what are top investors saying about what to expect?

Hormuz Strait Blockade, Capital War, Oil and Bitcoin

Wall Street Rings Inflation Alarm Bells Amid Iran Tensions, What Does It Mean for Cryptocurrency?

Interest rates have remained stubbornly high, posing a challenge to the cryptocurrency bull case.

Qwen Open Source Model Enters Mobile, Nasdaq Tests Water Prediction Market, What's the Overseas Crypto Community Talking About Today?

What Was the Hottest Topic Among Expats in the Last 24 Hours?

MegaETH Co-founder: 48 Hours After Escaping Dubai, I Reassess the Entire Crypto Scene

The global environment is not favorable to us, but in the long run, it may be favorable to us.

Morning Report | Strategy increased its holdings by 3,015 bitcoins last week; BitMine increased its holdings by 50,928 ETH last week; Vitalik elaborated on the Ethereum execution layer roadmap

March 2 Market Key Events Overview

Why is it said that there are structural opportunities in encrypted AI?

When centralized AI falls into the dilemma of regulation and trust, Crypto + AI will become a structural escape route for safeguarding data and sovereignty in a multipolar world.

Make Probability an Asset: A Forward-Looking Perspective on Predictive Market Agents

The predictive market agents are expected to present early prototypes in early 2026, likely becoming an emerging product form in the field of agents in the following year.

Consumer application issues

The truly outstanding applications will not ask people to "use cryptocurrency," but will provide practical and better solutions to the problems that people already face.