๐Ÿšจ ๐— ๐—”๐—Ÿ๐—œ๐—–๐—œ๐—ข๐—จ๐—ฆ ๐—ฆ๐—ข๐—Ÿ๐—”๐—ก๐—” ๐—•๐—ข๐—ง ๐—ข๐—ก ๐—š๐—œ๐—ง๐—›๐—จ๐—• ๐—ฆ๐—ง๐—˜๐—”๐—Ÿ๐—ฆ ๐—–๐—ฅ๐—ฌ๐—ฃ๐—ง๐—ข

A fake Solana trading bot on GitHub has been caught stealing users' crypto, according to security firm SlowMist.

✅ What Happened?

🔹 A GitHub user named “zldp2002” uploaded a malicious Solana bot pretending to be a legit open-source tool.

🔹 Victims ran the bot, only to find their crypto drained.

🔹 The scam was revealed after a user reported stolen funds, prompting an investigation.

✅ How It Worked

🔸 The bot was written in Node.js and relied on a suspicious package named crypto-layout-utils.

🔸 Instead of the safe official version, it forced users to download the package from another GitHub page.

🔸 That package was heavily obfuscated (intentionally hidden) using jsjiami.com tools.

🔸 After decoding, SlowMist found that it:

➡️ Scanned local files for wallet/private key info

➡️ Sent that data to a remote server controlled by the hacker

✅ Not an Isolated Incident

🔹 The attacker likely used multiple GitHub accounts to post similar fake bots.

🔹 These were forked from real projects but modified to include crypto-stealing malware.

🔹 Another suspicious package named bs58-encrypt-utils-1.0.3 was traced to June 12.

✅ Part of a Larger Crypto Hack Wave

🔸 Other recent attacks include:

➡️ Fake Firefox wallet extensions

➡️ Malware spreading through GitHub repositories

➡️ Phishing scams using GitHub stars/forks to look legit

๐Ÿ” ๐—ช๐—ฎ๐—ฟ๐—ป๐—ถ๐—ป๐—ด ๐—ณ๐—ผ๐—ฟ ๐—ง๐—ฟ๐—ฎ๐—ฑ๐—ฒ๐—ฟ๐˜€ & ๐——๐—ฒ๐˜ƒ๐˜€:

โœ… Always verify the source of open-source code

โœ… Avoid downloading from unofficial repositories

โœ… Use tools like VirusTotal or SlowMist Scanner before running unfamiliar code

โœ… Don't trust projects just because they have many GitHub stars or forksโ€”those can be faked!

#solana

$SOL