Solana Trader Loses 0.9897 SOL in GitHub Attack

Coin World
Tuesday, Jul 8, 2025 11:02 am ET

A trader on the Solana (SOL) network using the Pump.fun launchpad recently lost funds in a sophisticated attack orchestrated through GitHub. The victim, a memecoin trader, lost 0.9897 SOL, valued at approximately $149 at the time of the attack, and reported the incident to the SlowMist team. The attacker accessed sensitive wallet information and transferred the stolen crypto assets to FixedFloat, a fully automated, non-custodial cryptocurrency exchange.

The attacker employed a combination of social engineering and complex technical maneuvers using JavaScript (Node.js). The SlowMist team's on-chain analysis revealed that the attacker sent the stolen funds to FixedFloat. The malicious code was embedded in a differently named file and obfuscated with jsjiami.com.v7. This method exposed the victim's wallet details, including security keys, allowing the attacker to silently siphon the funds to their own wallet addresses.

According to the SlowMist team, after de-obfuscation, it was confirmed that the attack involved a malicious NPM package. The attacker embedded logic within crypto-layout-utils-1.3.1 to scan the victim’s local files. If wallet-related content or private keys were detected, this sensitive information would be uploaded to a server controlled by the attacker. The attacker also replicated the malicious package to their other GitHub accounts, potentially increasing the number of victims. Additionally, the attacker inflated the number of stars and forks to increase the credibility of the malicious NPM packages.
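As an added example (not code from SlowMist or from the article), the following Node.js check audits a parsed package-lock.json for the package and version named above and exposes a helper that spots the jsjiami.com.v7 marker in a source file. It goes one step beyond the report by also flagging any dependency resolved from outside the public npm registry, which assumes the project is expected to use only that registry; the sample lockfile is constructed.

```javascript
// Added example: defensive lockfile audit for the package named in the report.
const DENYLIST = new Map([['crypto-layout-utils', ['1.3.1']]]); // name/version from the article
const REGISTRY = 'https://registry.npmjs.org/';   // assumption: only the public registry is expected
const OBFUSCATOR_MARKER = 'jsjiami.com.v7';       // obfuscator string named in the article

// Yield every dependency from either lockfile layout:
// the flat "packages" map (v2/v3) or the nested "dependencies" tree (v1).
function* entries(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path !== '') yield { name: meta.name || path.split('node_modules/').pop(), meta };
    }
    return;
  }
  const stack = [lock.dependencies || {}];
  while (stack.length) {
    for (const [name, meta] of Object.entries(stack.pop())) {
      yield { name, meta };
      if (meta.dependencies) stack.push(meta.dependencies);
    }
  }
}

function auditLockfile(lock) {
  const findings = [];
  for (const { name, meta } of entries(lock)) {
    if ((DENYLIST.get(name) || []).includes(meta.version)) {
      findings.push({ name, version: meta.version, reason: 'denylisted' });
    }
    if (typeof meta.resolved === 'string' && !meta.resolved.startsWith(REGISTRY)) {
      findings.push({ name, version: meta.version, reason: 'non-registry source' });
    }
  }
  return findings;
}

// True when a source file carries the obfuscator's marker string.
const looksObfuscated = (source) => source.includes(OBFUSCATOR_MARKER);

// Constructed sample lockfile (not taken from the incident).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-bot', version: '0.0.1' },
    'node_modules/bs58': { version: '5.0.0', resolved: 'https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz' },
    'node_modules/crypto-layout-utils': { version: '1.3.1', resolved: 'https://example.invalid/crypto-layout-utils-1.3.1.tgz' },
  },
};
console.log(auditLockfile(sampleLock));
```

Running this against the lockfile of a cloned project before `npm install` surfaces the dependency without executing any of its code.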

This incident underscores the importance for all crypto investors of exercising extra caution when dealing with unfamiliar GitHub projects. Automated cryptocurrency trading has gained traction globally through the democratization of digital assets made possible by decentralized finance (DeFi) protocols. However, platforms like Pump.fun are not legally liable for any loss recorded through third-party extension bots. Memecoin traders seeking to automate via external bots should therefore proceed with extra caution. The existence of more memecoin launchpads will compel developers to strengthen their security features, potentially to detect such malicious attacks before damage is done.
