SlowMist Exposes Crypto-Theft Malware in Solana Pumpfun Bot

Security firm SlowMist has found malicious code hidden in the open-source GitHub project Solana Pumpfun Bot. Attackers removed the official npm package “crypto-layout-utils” and replaced it with a backdoored version that scans local files for wallet addresses and private keys. Another malicious package, “bs58-encrypt-utils,” first appeared on June 12. After collecting private keys, the attackers sent them to a server they control at githubshadow.xyz and laundered the stolen funds through FixedFloat. SlowMist's on-chain tracker MistTrack traced the outgoing funds and confirmed that victims first reported thefts on July 2, although the attack began on June 12. The investigation showed that the project author controls multiple GitHub accounts and used forks and fake stars to make the project look more credible. In its Q2 MistTrack report, SlowMist said hackers are shifting from on-chain attacks to off-chain methods such as malicious browser extensions, social engineering and malicious downloads. With Ethereum-based DeFi platforms having lost $470 million in the first half of 2025, traders should run wallet code in isolated environments and thoroughly vet all third-party components.
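One way to vet a project's dependencies before running it is to audit its `package-lock.json` for the two package names reported above and for tarballs that do not come from the public npm registry. This is an added example, not SlowMist's tooling or code from the project; the function names, the trusted-registry assumption, and the sample lockfile (a constructed v2/v3 `packages` map with placeholder URLs and versions) are illustrative only.

```javascript
// Package names taken from the report above.
const REPORTED_PACKAGES = new Set(["crypto-layout-utils", "bs58-encrypt-utils"]);
// Assumption: this project expects every tarball to come from the public registry.
const TRUSTED_REGISTRY_HOSTS = new Set(["registry.npmjs.org"]);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b".
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Returns the lowercase host of a "resolved" value, or null if it is not a URL.
function hostOf(resolved) {
  try { return new URL(resolved).hostname.toLowerCase(); } catch { return null; }
}

// Walks every locked package and returns a list of findings to review by hand.
function auditLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue;                      // root project entry
    const name = entry.name || packageNameFromKey(key);
    if (REPORTED_PACKAGES.has(name)) findings.push({ name, reason: "reported-package" });
    if (entry.link || !entry.resolved) continue;   // workspace link or bundled dependency
    const host = hostOf(entry.resolved);
    if (host === null || !TRUSTED_REGISTRY_HOSTS.has(host)) {
      findings.push({ name, reason: "off-registry-source", detail: entry.resolved });
    }
    if (!entry.integrity) findings.push({ name, reason: "missing-integrity" });
  }
  return findings;
}

// Constructed sample lockfile; URLs, versions and hashes are placeholders.
const SAMPLE_LOCK = {
  name: "example-bot", lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0" },
    "node_modules/safe-dep": { version: "1.0.0",
      resolved: "https://registry.npmjs.org/safe-dep/-/safe-dep-1.0.0.tgz",
      integrity: "sha512-CONSTRUCTED" },
    "node_modules/crypto-layout-utils": { version: "0.0.0",
      resolved: "https://downloads.example.invalid/crypto-layout-utils-0.0.0.tgz" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditLockfile` and review every finding before running `npm install`.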
Bearish
This malware incident in the Solana Pumpfun Bot ecosystem undermines developer trust and highlights dependency risk. In the short term, traders may reduce their exposure to SOL over security concerns, which could trigger sell-offs. In the long term, increased caution about open-source tools could slow dApp development and limit speculative activity on Solana. Overall, the breach casts a shadow over the Solana network's risk profile and puts bearish pressure on SOL.