A malicious open-source project on GitHub disguised as a Solana trading bot has compromised user wallets, according to a July 2, 2025, report by cybersecurity firm SlowMist.
The project, called “solana-pumpfun-bot”, was published under the GitHub user zldp2002 and quickly gained traction in the community. But instead of offering real functionality, the bot silently stole cryptocurrency from users’ wallets and funneled the funds to a platform called FixedFloat.
Fake Package, Real Damage
SlowMist’s investigation revealed that the bot was built with Node.js and used a shady dependency named “crypto-layout-utils”, which isn’t listed in the official NPM registry. Once installed, this package silently scanned for private keys and wallet files on the user’s machine and sent them to an attacker-controlled server, githubshadow.xyz.
The malware’s code was heavily obfuscated, making it difficult to detect. The attacker also forked the project multiple times using fake GitHub accounts, amplifying exposure. Some of these forks used an alternative malicious package, “bs58-encrypt-utils-1.0.3”.
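The defensive check implied by the two packages above is a dependency audit: flag anything in package.json or package-lock.json that is not resolved from the official npm registry. The Node.js script below is an added example, not code from the SlowMist report or the repository; the sample manifest and lockfile are constructed, and the off-registry URLs in them are placeholders, not the attacker's real distribution points.

```javascript
// Added example: flag dependencies that do not come from the official npm registry,
// which is how a package absent from npm (like "crypto-layout-utils") gets installed.
const REGISTRY_HOST = "registry.npmjs.org";

// A spec is "off-registry" when it is a URL, git reference, GitHub shorthand,
// local path or tarball rather than a semver range or dist-tag.
function isOffRegistrySpec(spec) {
  return /^(git\+|github:|gitlab:|bitbucket:|file:|https?:|\.\.?\/|\/)/.test(spec)
    || /^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec)   // "owner/repo[#ref]" shorthand
    || /\.(tgz|tar\.gz)$/.test(spec);
}

// Walk every dependency section of a package.json and report off-registry specs.
function auditManifest(pkg) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (isOffRegistrySpec(String(spec))) findings.push({ name, spec, section });
    }
  }
  return findings;
}

// Walk a lockfile (v2/v3 "packages" map) and report entries whose "resolved" URL
// points anywhere other than the official registry host.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path || !entry.resolved) continue;   // root entry, or linked/bundled package
    let host = null;
    try { host = new URL(entry.resolved).host; } catch (_) { /* unparsable: flag it */ }
    if (host !== REGISTRY_HOST) {
      findings.push({ name: path.replace(/^.*node_modules\//, ""), resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample input (placeholder hosts and accounts, not real indicators).
const samplePackageJson = {
  name: "example-trading-bot",
  dependencies: {
    "@solana/web3.js": "^1.95.0",
    "crypto-layout-utils": "https://example.invalid/crypto-layout-utils-1.0.3.tgz",
    "bs58-encrypt-utils": "github:placeholder-account/bs58-encrypt-utils"
  }
};
const samplePackageLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-trading-bot" },
    "node_modules/@solana/web3.js": { version: "1.95.0",
      resolved: "https://registry.npmjs.org/@solana/web3.js/-/web3.js-1.95.0.tgz" },
    "node_modules/crypto-layout-utils": { version: "1.0.3",
      resolved: "https://example.invalid/crypto-layout-utils-1.0.3.tgz" }
  }
};
console.log(JSON.stringify({ manifest: auditManifest(samplePackageJson),
                             lockfile: auditLockfile(samplePackageLock) }, null, 2));
```

Run it before `npm install` in CI; any finding means a dependency is being fetched from a source that bypasses the registry's name resolution and publishing history.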
Attack Active Since Mid-June
The attack appears to have been active since June 12, 2025, and was only discovered after a victim contacted SlowMist a day after installing the project. Post-exploit on-chain analysis using SlowMist’s MistTrack tool confirmed the stolen funds were routed to FixedFloat.
Expert Warning
SlowMist strongly cautioned against running GitHub-based open-source software that interacts with wallets or private keys unless it is done in a highly isolated environment. The firm recommends avoiding suspicious or unverified packages, especially in crypto bot frameworks and automation tools.
The case underscores the growing risk of social engineering and dependency hijacking in open-source crypto development, and the importance of verifying every component before execution.