🚨 Alert: Hackers Hijack GitHub with Fake Solana Bot to Drain Crypto Wallets
Another day, another crypto heist; only this time, hackers are weaponizing GitHub's trust to swipe your SOL.
How? A malicious Solana trading bot, lurking in repos, promises alpha but delivers empty wallets. Classic 'trust-us-with-your-private-keys' scam, yet somehow, it still works.
Security sleuths report victims lost funds within minutes of authorizing the bot. No fancy zero-days here: just social engineering meets copy-paste code.
Meanwhile, Wall Street still thinks 'blockchain' is a type of yoga. Stay paranoid, folks.
TLDR
- A fake Solana trading bot on GitHub tricked users by mimicking a real open-source project.
- The scam bot included a hidden package that bypassed official NPM security checks.
- Once installed, the bot extracted private crypto wallet keys from victims' computers.
- Stolen funds were transferred to exchanges like FixedFloat which lack strict identity checks.
- Cybersecurity firm SlowMist began investigating after a victim reported significant losses on July 2, 2025.
A fraudulent Solana trading bot has triggered fresh security concerns after victims reported stolen funds. The malicious software mimicked a legitimate open-source project and successfully deceived users on GitHub. Cybersecurity firm SlowMist investigated the scam after receiving a report from a user on July 2, 2025.
On July 2, a victim reached out to the SlowMist team after losing crypto assets. The cause? Running a seemingly legitimate GitHub project: zldp2002/solana-pumpfun-bot.
🗳️ What looked safe turned out to be a cleverly disguised trap.
Our analysis revealed:
1️⃣ The perpetrator… pic.twitter.com/UkbVLf7owk
SlowMist (@SlowMist_Team), July 4, 2025
The fake trading tool appeared to help users interact with the Pump.fun platform to trade Solana tokens. However, it included a hidden backdoor used to extract private crypto wallet keys from victims' systems. Attackers then routed stolen assets through exchanges that do not enforce strong identity checks.
The software project falsely displayed trusted GitHub activity, such as stars and forks, to enhance its credibility. SlowMist confirmed that the bot also used a fake NPM package, which bypassed standard security validation. These deceptive methods allowed malicious scripts to operate undetected.
Solana Bot Scam Exploits GitHub Project
The scam bot operated under the name "solana-pumpfun-bot" and pretended to automate Solana token trading. The bot looked functional but included a dangerous dependency from an unauthorized GitHub repository. This dependency avoided official NPM security checks, which made the code risky.
Once installed, the bot scanned the victim's system for wallet credentials and private keys. It then transmitted the sensitive data to servers under hacker control, allowing instant unauthorized access to funds. The attackers quickly transferred assets to third-party services such as FixedFloat.
FixedFloat and similar exchanges often lack strict verification, which made tracking difficult. This gave scammers time to move funds without drawing attention. The package "crypto-layout-utils," used in the scam, has now been removed from the NPM registry.
SlowMist's Investigation and Findings
SlowMist responded to a victim report and launched a technical audit of the GitHub-based bot. Investigators uncovered that attackers used false GitHub accounts to create a convincing open-source profile. This technique is consistent with supply chain compromise tactics seen in recent years.
The scam highlights how malicious actors use code hosting platforms to distribute dangerous software. Cybercriminals disguise threats within what looks like regular developer tools. This makes detection harder and increases risks for those seeking automation tools.
The firm urged developers to verify all dependencies and examine repository origins. Supply chain attacks now use clever tactics to manipulate trust within developer communities. SlowMist's report confirmed that bad actors are refining strategies to appear legitimate and trustworthy.