
SlowMist: Popular Solana Tool on GitHub Hides Coin Theft Trap


According to SlowMist security team monitoring, on July 2nd a victim reported that their crypto assets had been stolen after they used zldp2002/solana-pumpfun-bot, an open-source project hosted on GitHub, the day before. SlowMist's analysis found that the attacker posed as a legitimate open-source project (solana-pumpfun-bot) to lure users into downloading and running malicious code. With the project's popularity boosted as cover, users unsuspectingly ran a Node.js project carrying malicious dependencies, which led to wallet private key exposure and asset theft. The attack chain involved multiple GitHub accounts working together to widen the spread and increase credibility, making it highly deceptive. Attacks like this, which combine social engineering with technical means, are difficult to fully defend against even within organizations. SlowMist advises developers and users to be highly vigilant toward unknown GitHub projects, especially those involving wallet or private key operations. If debugging is necessary, SlowMist recommends running and debugging in a separate machine environment without sensitive data.
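As an added example (not SlowMist's tooling and not code from the original report), the Node.js script below shows one pre-run check for an unfamiliar project: it lists `package-lock.json` entries that were fetched from outside the npm registry, lack an integrity hash, or run install scripts. The trusted-registry list and the sample lockfile are constructed assumptions, and a flagged entry is a prompt for manual review, not proof of malice.

```javascript
// Added example: triage a package-lock.json (lockfile v2/v3) before `npm install`.
// resolved / integrity / hasInstallScript are npm's own lockfile fields;
// the allow-list and SAMPLE_LOCK are constructed for illustration.
const TRUSTED_REGISTRIES = new Set(["registry.npmjs.org"]);

function auditLockfile(lock, trusted = TRUSTED_REGISTRIES) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link) continue; // root project or workspace symlink
    const reasons = [];
    let host = null;
    try {
      const u = new URL(pkg.resolved || "");
      if (u.protocol === "https:") host = u.hostname;
    } catch { /* missing or not a URL: treated as untrusted below */ }
    if (!host || !trusted.has(host)) {
      reasons.push(`not fetched from a trusted registry: ${pkg.resolved || "(none)"}`);
    }
    if (!pkg.integrity) reasons.push("no integrity hash");
    if (pkg.hasInstallScript) reasons.push("runs install scripts");
    const name = path.replace(/^.*node_modules\//, ""); // keeps @scope/name
    if (reasons.length) findings.push({ name, version: pkg.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile; package names and URLs are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0" },
    "node_modules/left-helper": {
      version: "2.1.0", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/left-helper/-/left-helper-2.1.0.tgz",
    },
    "node_modules/layout-utils-example": {
      version: "1.3.1", integrity: "sha512-CONSTRUCTED",
      resolved: "https://example.invalid/releases/layout-utils-example-1.3.1.tgz",
    },
    "node_modules/native-addon-example": {
      version: "0.4.0", integrity: "sha512-CONSTRUCTED", hasInstallScript: true,
      resolved: "https://registry.npmjs.org/native-addon-example/-/native-addon-example-0.4.0.tgz",
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
}
```

To check a real project, pass the parsed contents of its `package-lock.json` to `auditLockfile` on a machine that holds no wallet keys, before installing anything.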
