LIVE
Robinhood Chain mainnet goes live in L2 launchRobinhood to Launch Crypto Trading in the UKUSDT Becomes Unavailable on Regulated EU Markets as MiCA Deadline HitsBinance and CZ Face £150 Million Lawsuit From UK Crypto InvestorsTaiwan Legislature Passes Crypto Law for Exchanges and Stablecoin IssuersCitigroup Cuts Bitcoin and Ethereum Price Targets on ETF OutflowsTaiwan Legislature Approves Crypto Law Establishing Regulatory FrameworkTrump Reportedly Holds Over $50M in Bitcoin in Cold WalletVisa, Stripe, Coinbase and BlackRock Back Open USD StablecoinSpot Bitcoin ETFs Face Worst Monthly Outflows Since LaunchRobinhood Chain mainnet goes live in L2 launchRobinhood to Launch Crypto Trading in the UKUSDT Becomes Unavailable on Regulated EU Markets as MiCA Deadline HitsBinance and CZ Face £150 Million Lawsuit From UK Crypto InvestorsTaiwan Legislature Passes Crypto Law for Exchanges and Stablecoin IssuersCitigroup Cuts Bitcoin and Ethereum Price Targets on ETF OutflowsTaiwan Legislature Approves Crypto Law Establishing Regulatory FrameworkTrump Reportedly Holds Over $50M in Bitcoin in Cold WalletVisa, Stripe, Coinbase and BlackRock Back Open USD StablecoinSpot Bitcoin ETFs Face Worst Monthly Outflows Since Launch
Homepage/News/Fake Solana Bot on GitHub Steals Cryptocurrency
NEWS

Fake Solana Bot on GitHub Steals Cryptocurrency

BY Solomon M.·2 MIN READ·JULY 4, 2025

A fake GitHub repository featuring a supposed Solana trading bot distributed malware, leading to cryptocurrency theft, according to cybersecurity firm SlowMist.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
1Key sections mapped in this report
0Internal references connected to related coverage
2External source domains cited in the article
2 minEstimated time to read the full report
Key Takeaways:
  • Malware attack through fake Solana bot on GitHub.
  • Significant funds stolen from unsuspecting users.
  • SlowMist uncovers method, urges community caution.
fake-solana-bot-on-github-steals-cryptocurrency
Fake Solana Bot on GitHub Steals Cryptocurrency

Cyberattack highlights vulnerabilities in open-source platforms, raising security concerns among cryptocurrency users.

The malware was distributed through a GitHub repository that falsely claimed to be an open-source Solana trading bot. The attacker, using the alias zldp2002, exploited the credibility of GitHub by using fake accounts to enhance legitimacy.

SlowMist, identifying the scheme, revealed funds were funneled through FixedFloat, though the platform itself is not complicit. They emphasized enhanced vigilance for open-source projects in the crypto space.

“On July 2, a user reported asset theft after using the tool, which masquerades as a legitimate open-source project. The attack involves malicious code that, when executed, leaks wallet private keys, leading to asset theft. The operation uses multiple GitHub accounts to enhance credibility and spread the malicious code.” — SlowMist Security Team, Cybersecurity Firm, SlowMist

The attack specifically targeted users with Solana-related assets, resulting in direct financial losses. Commentary from notable figures or institutions remains absent, indicating no systemic market impact.

Potential outcomes involve an increased focus on security measures within the community. Historical precedents show this attack mirrors past crypto-specific phishing incidents, highlighting a trend in opportunistic supply chain attacks.

Real-time tracking by SlowMist’s MistTrack tool and on-chain analysis continue to provide insights. Meanwhile, Solana‘s network resilience remains unaffected at a macro level.

Disclaimer:

The content on The CCPress is provided for informational purposes only and should not be considered financial or investment advice. Cryptocurrency investments carry inherent risks. Please consult a qualified financial advisor before making any investment decisions.

SOURCE TRANSPARENCY
  • External Source - Referenced domain: cryptodnes.bg
  • External Source - Referenced domain: phemex.com
  • Byline - Reported by Solomon M.
  • Coverage Desk - Primary editorial category: News
  • Media Asset - Featured image served from the WordPress media library