
SlowMist: popular Solana tool on GitHub hides a cryptocurrency-stealing trap

2025-07-03 11:42:20
According to the SlowMist security team, on July 2 a victim reported that the day before he had used an open-source project hosted on GitHub, zldp2002/solana-pumpfun-bot, after which his crypto assets were stolen. SlowMist's analysis found that the attacker lured users into downloading and running malicious code by posing as a legitimate open-source project (solana-pumpfun-bot). Under cover of the project's apparent popularity, users unsuspectingly ran a Node.js project that carried malicious dependencies, which leaked the wallet private key and led to the theft of funds. The attack chain involved several GitHub accounts working in concert, which widened distribution and lent the project credibility, making it highly deceptive. Because such attacks combine social engineering with technical means, they are difficult to defend against completely inside an organization.
SlowMist advises developers and users to be highly wary of GitHub projects of unknown provenance, especially those that touch wallets or private keys. If such a project must be run or debugged, do so on a separate machine that holds no sensitive data.
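The attack described above works because installing or starting a Node.js project can execute code the user never read: lifecycle hooks in package.json and dependencies fetched from outside the registry. As an added example, not code from the article or from the repository it names, the following audit walks a project's package.json and package-lock.json for exactly those indicators before anything is installed. The manifests embedded in it are constructed for illustration; the trusted-registry prefix and the list of "red flag" hook tokens are assumptions that should be adjusted to the environment.

```javascript
// Added example, not SlowMist's analysis or the repository's code.
// Pre-run audit of a Node.js project's manifests for the indicators that let a
// cloned "trading bot" repo run attacker code at install time:
//   1. npm lifecycle hooks (executed automatically by `npm install`),
//   2. dependencies whose specifier bypasses the registry (git, tarball, path),
//   3. lockfile entries resolved from a host other than the trusted registry.

const LIFECYCLE_HOOKS = new Set([
  "preinstall", "install", "postinstall", "prepare", "preprepare", "postprepare",
]);

// Assumption: tokens that usually mean "download and run something" in a hook.
const HOOK_RED_FLAGS = /\b(curl|wget|node\s+-e|eval|base64|powershell|bash\s+-c)\b/i;

// Assumption: the project is expected to resolve everything from npmjs.org.
const TRUSTED_REGISTRY_PREFIXES = ["https://registry.npmjs.org/"];

// A semver range or dist-tag resolves through the configured registry; git URLs,
// tarball URLs, GitHub shorthand and local paths do not, so the code they pull in
// has no registry publication record behind it.
function isRegistrySpecifier(spec) {
  if (typeof spec !== "string") return false;
  if (spec.startsWith("npm:")) return true; // alias, still served by the registry
  return !/[:/]/.test(spec);
}

// Returns a list of findings; an empty list means none of the indicators fired.
function auditManifest(pkg, lock) {
  const findings = [];

  for (const [hook, cmd] of Object.entries(pkg.scripts || {})) {
    if (!LIFECYCLE_HOOKS.has(hook)) continue;
    findings.push({
      severity: HOOK_RED_FLAGS.test(cmd) ? "high" : "medium",
      kind: "lifecycle-hook",
      detail: `${hook}: ${cmd}`,
    });
  }

  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!isRegistrySpecifier(spec)) {
        findings.push({ severity: "high", kind: "non-registry-dependency", detail: `${name}@${spec}` });
      }
    }
  }

  // lockfileVersion 2/3 layout: "packages" keyed by install path, each with "resolved".
  for (const [path, entry] of Object.entries((lock && lock.packages) || {})) {
    if (path === "" || !entry.resolved) continue; // root entry, linked or bundled packages
    if (!TRUSTED_REGISTRY_PREFIXES.some((p) => entry.resolved.startsWith(p))) {
      findings.push({ severity: "high", kind: "off-registry-resolved", detail: `${path} -> ${entry.resolved}` });
    }
  }

  return findings;
}

// Constructed sample manifests (package names, users and hosts are placeholders).
const SAMPLE_PACKAGE_JSON = {
  name: "example-trading-bot",
  version: "1.0.0",
  scripts: {
    start: "node index.js",
    postinstall: "node -e \"require('./setup')\"", // runs on install, before the user reads anything
  },
  dependencies: {
    "@solana/web3.js": "^1.95.0",
    "bs58": "^5.0.0",
    "layout-helper": "github:example-org/layout-helper",
    "helper-lib": "https://example.invalid/helper-lib.tgz",
  },
};

const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-trading-bot" },
    "node_modules/@solana/web3.js": { version: "1.95.0", resolved: "https://registry.npmjs.org/@solana/web3.js/-/web3.js-1.95.0.tgz" },
    "node_modules/bs58": { version: "5.0.0", resolved: "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz" },
    "node_modules/layout-helper": { version: "0.1.0", resolved: "git+ssh://git@github.com/example-org/layout-helper.git#abc123" },
    "node_modules/helper-lib": { version: "1.0.0", resolved: "https://example.invalid/helper-lib.tgz" },
  },
};

const SAMPLE_FINDINGS = auditManifest(SAMPLE_PACKAGE_JSON, SAMPLE_LOCK);
for (const f of SAMPLE_FINDINGS) console.log(`[${f.severity}] ${f.kind}: ${f.detail}`);
```

To run it against a real checkout, pass the parsed files: `auditManifest(JSON.parse(fs.readFileSync("package.json")), JSON.parse(fs.readFileSync("package-lock.json")))`. Any finding should be resolved by reading the referenced code before installing; `npm install --ignore-scripts` suppresses the hooks but does nothing about a dependency that steals keys once the bot itself is started, so it complements rather than replaces the isolated-machine advice above.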