An investigation by SlowMist revealed vulnerabilities in the open-source project 'Solana-pumpfun-bot' on GitHub, leading to cryptocurrency theft from user wallets.
Causes of Theft
The investigation began on July 2, 2025, after a victim reported the loss of their wallet as a result of using the vulnerable project. The user had downloaded software that contained malicious code; their assets were stolen and transferred to the FixedFloat exchange.
Suspicion on the Project Author
The author of the project has become the main suspect in the investigation. The hacker impersonated the original project to entice users to download malicious code. During the investigation, a dependency named 'crypto-layout-utils' was found to have been removed from the official NPM source. The author is also suspected of controlling multiple GitHub accounts to spread malicious programs.
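A lockfile check that can be run before installing a project like this one, given here as an added example that is not taken from SlowMist's report or from the project itself: it flags every package that npm would fetch from somewhere other than the official registry, or that has no integrity hash. The lockfile contents, the download URL and the function name `auditLockfile` are constructed for illustration, and it is an assumption that a package removed from the registry would show up this way in a given project.

```javascript
// Constructed sample in npm's lockfileVersion 3 layout; the URLs and hash are placeholders.
const SAMPLE_LOCK = JSON.stringify({
  name: "example-bot",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", dependencies: { bs58: "^5.0.0", "crypto-layout-utils": "^1.0.0" } },
    "node_modules/bs58": {
      version: "5.0.0",
      resolved: "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz",
      integrity: "sha512-CONSTRUCTED"
    },
    "node_modules/crypto-layout-utils": {
      version: "1.0.0",
      resolved: "https://downloads.example.invalid/crypto-layout-utils-1.0.0.tgz"
    }
  }
});

const OFFICIAL_HOST = "registry.npmjs.org";

// Returns one finding per package that is not pinned to the official registry
// over HTTPS, or that lacks an integrity hash. Bundled packages record no
// source and are reported too, so each finding needs a manual look.
function auditLockfile(lockText, allowedHost = OFFICIAL_HOST) {
  const lock = JSON.parse(lockText);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project or workspace symlink
    const name = path.split("node_modules/").pop(); // handles nested and scoped names
    const reasons = [];
    let official = false;
    try {
      const u = new URL(entry.resolved);
      official = u.protocol === "https:" && u.host === allowedHost;
    } catch { /* missing or unparsable source counts as unofficial */ }
    if (!official) reasons.push(`source: ${entry.resolved || "none recorded"}`);
    if (!entry.integrity) reasons.push("no integrity hash");
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
}
```

To audit a real project, pass the text of its `package-lock.json` to `auditLockfile` in place of the sample.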
Trends in Crypto Hacking
According to SlowMist, hacking techniques have not significantly advanced, but hackers have become more cunning. SlowMist's head of operations, Lisa, noted a rise in fake browser extensions and fraudulent hardware wallets. She emphasized that hackers are increasingly using social manipulation to undermine user security.
The incident involving 'Solana-pumpfun-bot' underscores the need for heightened user vigilance and readiness against new forms of cryptocurrency fraud.