
SlowMist: Popular Solana Tool on GitHub Hides Cryptocurrency Theft Trap

2025-07-03 19:38:28

ChainCatcher news: according to the SlowMist security team, on July 2 a victim reported that they had used an open-source project hosted on GitHub, zldp2002/solana-pumpfun-bot, the day before, and that their crypto assets were subsequently stolen. SlowMist's analysis found that in this attack the attacker posed as a legitimate open-source project (solana-pumpfun-bot) to lure users into downloading and running malicious code. Under the guise of boosting the project's popularity, users unknowingly ran a Node.js project with malicious dependencies, which led to the leakage of wallet private keys and the theft of assets. The entire attack chain involved multiple GitHub accounts working in coordination to expand the scope of dissemination and enhance credibility, making it highly deceptive. Because such attacks combine social engineering with technical means, they are difficult to defend against completely within organizations.

SlowMist advises developers and users to be highly vigilant about unknown GitHub projects, especially when they involve wallet or private key operations. If debugging is indeed necessary, it is recommended to run and debug in an isolated environment that does not contain sensitive data.
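
A pre-run check in the spirit of this advice, as an added example that is not code from SlowMist or ChainCatcher: it reads an npm `package-lock.json` (lockfileVersion 2 or 3) and lists dependencies that were fetched from outside the public registry, lack an integrity hash, or run a script at install time. The report does not say how the malicious dependency was delivered, so these three signals are assumptions about what deserves manual review; the sample lockfile, package names and URLs are constructed.

```javascript
// Added example: triage a parsed package-lock.json before installing or
// running an unfamiliar Node.js project. A finding is a prompt for manual
// review, not proof of malice, and an empty result is not proof of safety.
const DEFAULT_REGISTRY = "https://registry.npmjs.org/";

function auditLockfile(lock, registry = DEFAULT_REGISTRY) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // "" is the project itself; link entries are local workspace symlinks.
    if (path === "" || pkg.link) continue;
    const reasons = [];
    if (!pkg.resolved) {
      reasons.push("no resolved URL recorded");
    } else if (!pkg.resolved.startsWith(registry)) {
      // Covers tarball URLs on other hosts and git+https / git+ssh sources.
      reasons.push("fetched from outside the registry: " + pkg.resolved);
    }
    if (!pkg.integrity) reasons.push("no integrity hash");
    if (pkg.hasInstallScript) reasons.push("runs a script at install time");
    if (reasons.length > 0) {
      findings.push({ path, version: pkg.version, reasons });
    }
  }
  return findings;
}

function formatReport(findings) {
  return findings.map((f) => `${f.path}@${f.version}: ${f.reasons.join("; ")}`);
}

// Constructed sample lockfile (hypothetical package names and URLs).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0" },
    "node_modules/ok-lib": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/ok-lib/-/ok-lib-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/odd-utils": {
      version: "1.3.1",
      resolved: "https://example.invalid/releases/odd-utils-1.3.1.tgz",
      hasInstallScript: true,
    },
  },
};

console.log(formatReport(auditLockfile(SAMPLE_LOCK)).join("\n"));
```

To check a real project, pass `auditLockfile` the parsed contents of its `package-lock.json` before running `npm install`, and do the review inside the isolated environment recommended above.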
