  • "solana-pumpfun-bot" on GitHub hides malicious code stealing crypto.

  • Attackers use "crypto-layout-utils" to access private keys.

  • Stolen funds are transferred to the FixedFloat exchange.

  • Crypto scams target off-chain vulnerabilities like user behavior.

  • Verify GitHub projects to protect wallets from theft.

Malicious Code Discovered in Solana Tool

A widely used Solana tool, "solana-pumpfun-bot," hosted on GitHub, harbors malicious code designed to steal cryptocurrency from users’ wallets. Security researchers uncovered the threat on July 2, 2025, after a victim reported asset losses. The investigation revealed the tool, disguised as a legitimate open-source project, contains a hidden trap that siphons funds to the FixedFloat exchange.

The malicious code operates through a suspicious dependency package called "crypto-layout-utils." This package, since removed from the official npm registry, enables attackers to access private keys and drain wallets. Funds stolen through this method are funneled to addresses linked to FixedFloat, a known cryptocurrency exchange.

Victims who ran the tool unknowingly executed the malicious code, compromising their wallet security. The incident highlights the growing sophistication of crypto scams targeting developers and users on platforms like GitHub.

Rising Threats in Crypto Ecosystems

Crypto hacking techniques have become more cunning, focusing on off-chain vulnerabilities. Attackers increasingly exploit browser extensions, social media accounts, and user behavior to bypass traditional blockchain security measures. For instance, hackers manipulate trusted platforms like Notion or Zoom, replacing legitimate downloads with malicious files.

In the first half of 2025, Ethereum-based DeFi platforms lost approximately $470 million to security breaches, underscoring the scale of the threat. Solana, while innovative, faces similar risks, with incidents like the "solana-pumpfun-bot" exploit exposing vulnerabilities in open-source tools. Developers are urged to verify GitHub projects thoroughly, especially those handling sensitive wallet operations.

The Solana ecosystem has faced multiple security challenges. In August 2022, a large-scale theft saw users lose SOL and SPL tokens due to wallet vulnerabilities. Approximately 60% of affected users used Phantom Wallet, while 30% used Slope Wallet, highlighting the need for rigorous audits of wallet-related tools.

To enhance security, experts recommend adopting best practices for Solana smart contracts, as outlined in resources like the Solana Smart Contract Security Best Practices. Regular audits and vigilance can mitigate risks associated with malicious dependencies.
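One way to run the dependency check the article calls for, as an added example (not code from the researchers or the affected project): it audits a parsed package-lock.json for the "crypto-layout-utils" name and, going beyond the page's single case, for entries resolved from outside the npm registry, lacking an integrity hash, or declaring an install script. The sample lockfile, its hosts and versions, and the "example-lib" and "example-bot" names are constructed, and the single-registry policy is an assumption.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3).
// The denylist holds the one package name the article reports.
const DENYLIST = new Set(["crypto-layout-utils"]);
// Assumption: this project should install only from the public npm registry.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

// Keys look like "node_modules/a/node_modules/@scope/b"; the tail is the name.
function packageName(key, entry) {
  return entry.name || key.split("node_modules/").pop();
}

function auditLockfile(lock, denylist = DENYLIST, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "" || entry.link) continue; // root project or workspace symlink
    const name = packageName(key, entry);
    const reasons = [];
    if (denylist.has(name)) reasons.push("denylisted");
    if (entry.resolved) {
      let host = null;
      try { host = new URL(entry.resolved).host; } catch { /* not a URL */ }
      if (!allowedHosts.has(host)) reasons.push("non-registry-source");
    }
    // Bundled packages legitimately carry no hash of their own.
    if (!entry.integrity && !entry.inBundle) reasons.push("no-integrity-hash");
    if (entry.hasInstallScript) reasons.push("install-script");
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile: hosts, versions and "example-lib" are made up.
const SAMPLE_LOCK = {
  name: "example-bot", lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0" },
    "node_modules/example-lib": {
      version: "1.2.3", integrity: "sha512-CONSTRUCTED",
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-1.2.3.tgz",
    },
    "node_modules/crypto-layout-utils": {
      version: "0.0.0-example", hasInstallScript: true,
      resolved: "https://downloads.example.invalid/crypto-layout-utils.tgz",
    },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Reviewing the lockfile this way before the first `npm install` matters because install scripts run at install time, before any of the tool's own code is launched.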

Blockchain security remains a critical concern as attackers exploit trust in open-source platforms. The "solana-pumpfun-bot" incident serves as a stark reminder to prioritize verification and caution when using third-party tools. 

