SlowMist: Popular Solana tool on GitHub hides a trap for stealing coins
Odaily News: According to monitoring by the SlowMist security team, on July 2 a victim reported that his crypto assets were stolen after he had used an open source project hosted on GitHub, zldp2002/solana-pumpfun-bot, the day before. According to SlowMist's analysis, the attacker disguised the code as a legitimate open source project (solana-pumpfun-bot) to induce users to download and run malicious code. Under the cover of the project's boosted popularity, the user ran the Node.js project with its malicious dependencies without any defenses, which led to the leak of wallet private keys and the theft of assets. The entire attack chain involved multiple GitHub accounts operating in coordination, which widened distribution, increased credibility, and made the scheme extremely deceptive. Because this type of attack combines social engineering with technical means, it is difficult to fully defend against within an organization. SlowMist recommends that developers and users stay highly vigilant toward GitHub projects of unknown origin, especially those involving wallet or private key operations. If you really need to run and debug such a project, do so in an isolated machine environment that holds no sensitive data.
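The theft described above came from running a Node.js project that pulled in malicious dependencies. As an added example (not SlowMist's tooling and not code from the report), the check below reviews a parsed package-lock.json before anything is installed or run, and flags dependencies fetched from outside a trusted registry, lacking an integrity hash, or declaring install-time scripts. The trusted host, the package names and the sample lockfile are constructed assumptions.

```javascript
// Added example: pre-run audit of a parsed package-lock.json (lockfileVersion 2/3).
// TRUSTED_HOSTS and SAMPLE_LOCK are assumptions constructed for illustration.
const TRUSTED_HOSTS = new Set(["registry.npmjs.org"]);

function auditLockfile(lock, trustedHosts = TRUSTED_HOSTS) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link) continue; // skip root project and workspace links
    const name = path.split("node_modules/").pop(); // handles nested and scoped names
    const reasons = [];
    let host = null;
    try {
      host = pkg.resolved ? new URL(pkg.resolved).hostname : null;
    } catch {
      host = null; // unparsable source string: treat as untrusted
    }
    if (!host || !trustedHosts.has(host)) {
      reasons.push(`source outside trusted registry: ${pkg.resolved || "none recorded"}`);
    }
    if (!pkg.integrity) reasons.push("no integrity hash pinned");
    if (pkg.hasInstallScript) reasons.push("runs a script at install time");
    if (reasons.length) findings.push({ name, version: pkg.version, reasons });
  }
  return findings;
}

// Constructed sample: one ordinary registry dependency, one that needs review.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0" },
    "node_modules/left-utils": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/left-utils/-/left-utils-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/layout-helper": {
      version: "1.3.1",
      resolved: "https://example.invalid/releases/layout-helper-1.3.1.tgz",
      hasInstallScript: true,
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
}
```

To audit a real checkout, pass the result of `JSON.parse` on its package-lock.json to `auditLockfile` and review every finding before running `npm install`.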