Advertisement
Advertisement
AD

    Scam Alert: Victims Lose Crypto to Malicious Solana Bot on GitHub

    By Alex Dovbnya
    Fri, 4/07/2025 - 8:40
    Fake Pump.fun bot draining crypto wallets recently spotted by SlowMist
    Advertisement
    Scam Alert: Victims Lose Crypto to Malicious Solana Bot on GitHub
    Cover image via www.freepik.com
    Read U.TODAY on
    Google News

    Cybersecurity firm SlowMist recently revealed that it was contacted by a user who was affected by a malicious open-source project on GitHub that appeared to be a Pump.fun bot for trading Solana-based tokens.

    Advertisement

    The user downloaded and ran a seemingly innocuous GitHub project. Shortly after this, their wallet ended up being drained. 

    The bogus project was a Node.js app with a dependency on a package that was downloaded from a custom GitHub link. The package was able to bypass the security checks of the NPM registry. This is typical behavior for attackers, who tend to hide malicious code in externally hosted packages in order to be able to avoid detection. 

    HOT Stories
    Bitcoin Cycle Theory Is Dead, Top Analyst Says
    Bitcoin Plunges as Galaxy Digital Deposits $1.5 Billion Worth of BTC to Exchanges
    Shiba Inu (SHIB) Lost It All, Dogecoin (DOGE): This Is Unexpected, Ethereum (ETH) Too Strong
    Still Buying? Ripple's Larsen Dumps $200 Million Worth of XRP, Analyst Says

    The package then ended up scanning the victim's wallet for crypto wallet information. It then sent private keys to a server controlled by the malicious actor. 

    Advertisement

    The hacker faked popularity by using bogus GitHub accounts to make it look trustworthy.

    SlowMist has stressed that users should never blindly trust GitHub projects. 

    #Solana News #Cryptocurrency Scam
    Advertisement

    Related articles

    News
    Jul 25, 2025 - 6:31
    Bitcoin Cycle Theory Is Dead, Top Analyst Says
    ByAlex Dovbnya
    News
    Jul 25, 2025 - 5:30
    Bitcoin Plunges as Galaxy Digital Deposits $1.5 Billion Worth of BTC to Exchanges
    ByAlex Dovbnya
    Advertisement
    Latest Press releases
    XXKK Exchange Upgrades Security Architecture to Enhance Asset Protection and Compliance Measures
    Pure Luck Proven On-Chain: How Lotshot Built True Randomness on TON
    Zircuit Launches AI Trading Engine for Lightning-Fast, Cross-Chain Trading
    Subscribe to daily newsletter

    Recommended articles

    Reviews
    Jul 15, 2025 - 11:00
    Bitget Wallet, The All-in-One Crypto Wallet for Everyday Mobile Users: Big Review
    article image Vladislav Sopov
    Reviews
    Jul 14, 2025 - 4:30
    From Exchange to Ecosystem: HTX Redefines What CEX Means in the New Crypto Cycle
    article image U.Today Editorial Team
    Companies
    Jul 11, 2025 - 10:02
    Silent Data Ethereum L2 Launched by Applied Blockchain: Details
    article image Vladislav Sopov
    Interviews
    Jul 7, 2025 - 12:18
    Redefining Role of CEXes and Building Trust Gateway in Web3 Era: Big Interview with Coinstore CEO Johnson Zhao
    article image U.Today Editorial Team
    Interviews
    Jul 1, 2025 - 13:43
    Crypto Regulation, MiCA, and Unexpected Jurisdictions: Interview with Mark Gofaizen
    article image U.Today Editorial Team
    Price Index
    Bitcoin
    Ethereum
    XRP
    Cardano
    Dogecoin
    Shiba Inu
    Tron
    Polygon
    Litecoin
    Solana
    Our social media
    There's a lot to see there, too

    Popular articles

    Bitcoin Cycle Theory Is Dead, Top Analyst Says
    Bitcoin Plunges as Galaxy Digital Deposits $1.5 Billion Worth of BTC to Exchanges
    Shiba Inu (SHIB) Lost It All, Dogecoin (DOGE): This Is Unexpected, Ethereum (ETH) Too Strong
    Show all