TechFlow reports, security researcher dm posted that a Web3 open-source project on GitHub can steal users' Solana private keys.
In response, Yu Xian, founder of SlowMist, commented on X platform stating that the open-source bot contains backdoor code designed to steal private keys, and warned users to remain vigilant—especially if unfamiliar with code—whenever encountering garbled or obfuscated code within open-source projects.




