In early July, SlowMist investigated a crypto theft caused by a malicious GitHub project: zldp2002/solana-pumpfun-bot. More recently, a similar repo — audiofilter/pumpfun-pumpswap-sniper-copy-trading-bot — was found stealing private keys from .env files and sending them to an attacker-controlled server. 🎭These attacks often rely on social engineering. Developers and users: stay alert when using unknown GitHub tools, especially those involving wallets or keys. ⚠️Run only in isolated environments without sensitive data. ✍️Full analysis:
SlowMist
SlowMist4.7. klo 11.53
On July 2, a victim reached out to the SlowMist team after losing crypto assets. The cause? Running a seemingly legitimate GitHub project — zldp2002/solana-pumpfun-bot. 🕳️What looked safe turned out to be a cleverly disguised trap. Our analysis revealed: 1️⃣The perpetrator disguised a malicious program as a legit open-source project (solana-pumpfun-bot), luring users to download and run it. 2️⃣Its artificial popularity (stars/forks) masked the threat — users unknowingly ran a Node.js project with embedded malicious dependencies, exposing their private keys and losing assets. This social + technical combo made it highly deceptive. ⚠️Reminder: Never blindly trust GitHub projects, especially when private keys or wallets are involved. If you must test them, do so in a sandboxed, isolated environment with no sensitive data. 🔗Full article: #Web3Security #NodeJS #OpenSourceSecurity #GitHub
7,54K