A GitHub-hosted Solana tool, zldp2002/solana-pumpfun-bot, has been identified as a trap for stealing cryptocurrency assets, according to the SlowMist security team. On July 2, a user reported asset theft after using the tool, which masquerades as a legitimate open-source project. The project contains malicious code that, when executed, leaks wallet private keys, which leads to the theft of assets. The operation uses multiple GitHub accounts to make the project appear credible and to spread the malicious code. SlowMist advises developers and users to exercise caution with GitHub projects of unknown origin, especially those that involve wallet or private key operations, and recommends running such projects in isolated environments to prevent exposure of sensitive data.