ExchangeDEX+

Buy Crypto Markets Spot Futures500X Earn Events

PANews reported on July 3 that according to the SlowMist security team, on July 2, a victim claimed that he had used an open source project hosted on GitHub thePANews reported on July 3 that according to the SlowMist security team, on July 2, a victim claimed that he had used an open source project hosted on GitHub the

SlowMist: GitHub's popular Solana tool hides a trap for stealing coins

Author: PANews

Source: PANews

2025/07/03 19:34

OPEN$0,000000012394-0,93%

PANews reported on July 3 that according to the SlowMist security team, on July 2, a victim claimed that he had used an open source project hosted on GitHub the day before - zldp2002/solana-pumpfun-bot, and then his encrypted assets were stolen. According to SlowMist analysis, in this attack, the attacker induced users to download and run malicious code by disguising as a legitimate open source project (solana-pumpfun-bot). Under the cover of boosting the popularity of the project, the user ran the Node.js project with malicious dependencies without any precautions, resulting in the leakage of the wallet private key and the theft of assets. The entire attack chain involves the coordinated operation of multiple GitHub accounts, which expands the scope of dissemination, enhances credibility, and is extremely deceptive. At the same time, this type of attack uses both social engineering and technical means, and it is difficult to fully defend against it within the organization.

SlowMist recommends that developers and users be highly vigilant against unknown GitHub projects, especially when it comes to wallet or private key operations. If you really need to run and debug, it is recommended to run and debug in an independent machine environment without sensitive data.

Market Opportunity

OpenLedger Price(OPEN)

$0,17337

$0,17337$0,17337

+1,53%

USD

OpenLedger (OPEN) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.