Slow Fog: Popular Solana Tool on GitHub Hides Coin Theft Trap

PANews, July 3: according to the Slow Fog (SlowMist) security team, on July 2 a victim reported that, the day before, they had used an open source project hosted on GitHub, zldp2002/solana-pumpfun-bot, and that their crypto assets were then stolen. Slow Fog's analysis found that the attacker disguised the malicious code as a legitimate open source project (solana-pumpfun-bot) to lure users into downloading and running it. Drawn in by the project's apparent popularity, users ran the Node.js project, which carried malicious dependencies, without any precautions; the malicious code leaked the wallet's private key, and the assets were then stolen. The attack chain involved several GitHub accounts working together to widen distribution and lend the project credibility, which made it highly deceptive. Because the attack combines social engineering with technical means, it is hard to defend against completely, even inside an organization. Slow Fog advises developers and users to treat unknown GitHub projects with great caution, particularly any that touch wallets or private keys; if such a project must be debugged, run it in an isolated environment that holds no sensitive data.
