TechFlow news — On July 3, according to SlowMist Security Team, a popular Solana tool on GitHub named solana-pumpfun-bot was found to contain malicious code, resulting in theft of users' cryptocurrency assets.
SlowMist's analysis revealed that the project includes two malicious NPM packages, crypto-layout-utils and bs58-encrypt-utils, which scan files on users' computers and upload wallet private key information to attacker-controlled servers. The attackers used multiple GitHub accounts to artificially inflate the project’s popularity and credibility, while also replacing the NPM package download links to evade official review.
SlowMist advises developers to remain highly vigilant about GitHub projects of unknown origin, especially tools involving wallet operations, and to test such tools in isolated environments free of sensitive data.




