🚨 MALICIOUS SOLANA BOT ON GITHUB STEALS CRYPTO
A fake Solana trading bot on GitHub has been caught stealing users' crypto, according to security firm SlowMist.
What Happened?
🔹 A GitHub user named “zldp2002” uploaded a malicious Solana bot pretending to be a legit open-source tool.
🔹 Victims ran the bot, only to find their crypto drained.
🔹 The scam was revealed after a user reported stolen funds, prompting an investigation.
How It Worked
🔸 The bot was written in Node.js and relied on a suspicious package named crypto-layout-utils.
🔸 Instead of the safe official version, it forced users to download the package from another GitHub page.
🔸 That package was heavily obfuscated (intentionally hidden) using jsjiami.com tools.
🔸 After decoding, SlowMist found that it:
➡️ Scanned local files for wallet/private key info
➡️ Sent that data to a remote server controlled by the hacker
Not an Isolated Incident
🔹 The attacker likely used multiple GitHub accounts to post similar fake bots.
🔹 These were forked from real projects but modified to include crypto-stealing malware.
🔹 Another suspicious package named bs58-encrypt-utils-1.0.3 was traced to June 12.
Part of a Larger Crypto Hack Wave
🔸 Other recent attacks include:
➡️ Fake Firefox wallet extensions
➡️ Malware spreading through GitHub repositories
➡️ Phishing scams using GitHub stars/forks to look legit
Warning for Traders & Devs:
- Always verify the source of open-source code
- Avoid downloading from unofficial repositories
- Use tools like VirusTotal or SlowMist Scanner before running unfamiliar code
- Don't trust projects just because they have many GitHub stars or forks—those can be faked!
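One way to check a Node.js project for the pattern described under "How It Worked", a dependency pulled from somewhere other than the official npm registry, before installing or running it. This is an added example, not code from SlowMist or from the original post; the function names, the sample project and the placeholder download URL are assumptions constructed for illustration.

```javascript
// Added example (not from the original post): flag npm dependencies that
// bypass the official registry, in package.json and package-lock.json.
const REGISTRY_HOST = 'registry.npmjs.org';
// Specs that skip the registry: URLs, git remotes, host shorthands,
// local files, and the bare "user/repo" GitHub shorthand.
const NON_REGISTRY_SPEC =
  /^(https?:|git(\+\w+)?:|github:|gitlab:|bitbucket:|file:|[\w.-]+\/[\w.-]+(#.*)?$)/i;

function auditManifest(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (NON_REGISTRY_SPEC.test(spec)) {
        findings.push({ name, source: spec, where: `package.json ${field}` });
      }
    }
  }
  return findings;
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path || !entry.resolved) continue; // root project or no download URL
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* not a URL */ }
    if (host !== REGISTRY_HOST) {
      const name = path.replace(/^.*node_modules\//, '');
      findings.push({ name, source: entry.resolved, where: 'package-lock.json' });
    }
  }
  return findings;
}

// Constructed sample input; the URL is a placeholder, not the real one.
const FAKE_URL = 'https://downloads.example.invalid/crypto-layout-utils.tgz';
const SAMPLE_PKG = { dependencies: { bs58: '^5.0.0', 'crypto-layout-utils': FAKE_URL } };
const SAMPLE_LOCK = { packages: {
  '': { name: 'sample-bot' },
  'node_modules/bs58': { resolved: 'https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz' },
  'node_modules/crypto-layout-utils': { resolved: FAKE_URL },
} };

console.log([...auditManifest(SAMPLE_PKG), ...auditLockfile(SAMPLE_LOCK)]);
```

A finding is a prompt to read that package's source before anything runs, not proof of malice; projects that use a private registry would add its host to the allowed value.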