• bitcoinBitcoin (BTC) $ 94,221.00
  • ethereumEthereum (ETH) $ 3,297.40
  • tetherTether (USDT) $ 0.999811
  • xrpXRP (XRP) $ 2.39
  • bnbBNB (BNB) $ 920.84
  • usd-coinUSDC (USDC) $ 0.999972
  • staked-etherLido Staked Ether (STETH) $ 3,297.13
  • tronTRON (TRX) $ 0.292710
  • dogecoinDogecoin (DOGE) $ 0.155600
  • cardanoCardano (ADA) $ 0.435882
  • figure-helocFigure Heloc (FIGR_HELOC) $ 1.03
  • wrapped-stethWrapped stETH (WSTETH) $ 4,038.85
  • bitcoin-cashBitcoin Cash (BCH) $ 637.80
  • whitebitWhiteBIT Coin (WBT) $ 59.03
  • wrapped-beacon-ethWrapped Beacon ETH (WBETH) $ 3,587.77
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 94,048.00
  • wrapped-eethWrapped eETH (WEETH) $ 3,582.24
  • chainlinkChainlink (LINK) $ 14.16
  • usdsUSDS (USDS) $ 0.999645
  • binance-bridged-usdt-bnb-smart-chainBinance Bridged USDT (BNB Smart Chain) (BSC-USD) $ 0.999996
  • zcashZcash (ZEC) $ 519.83
  • wethWETH (WETH) $ 3,302.37
  • moneroMonero (XMR) $ 448.73
  • leo-tokenLEO Token (LEO) $ 8.91
  • stellarStellar (XLM) $ 0.252270
  • suiSui (SUI) $ 1.98
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 94,197.00
  • hyperliquidHyperliquid (HYPE) $ 27.33
  • litecoinLitecoin (LTC) $ 84.73
  • avalanche-2Avalanche (AVAX) $ 14.79
  • ethena-usdeEthena USDe (USDE) $ 1.00
  • hedera-hashgraphHedera (HBAR) $ 0.134689
  • shiba-inuShiba Inu (SHIB) $ 0.000009
  • canton-networkCanton (CC) $ 0.140016
  • world-liberty-financialWorld Liberty Financial (WLFI) $ 0.177567
  • the-open-networkToncoin (TON) $ 1.93
  • susdssUSDS (SUSDS) $ 1.08
  • usdt0USDT0 (USDT0) $ 1.00
  • crypto-com-chainCronos (CRO) $ 0.111171
  • daiDai (DAI) $ 0.999801
  • uniswapUniswap (UNI) $ 6.27
  • polkadotPolkadot (DOT) $ 2.26
  • mantleMantle (MNT) $ 1.13
  • paypal-usdPayPal USD (PYUSD) $ 1.00
  • ethena-staked-usdeEthena Staked USDe (SUSDE) $ 1.21
  • usd1-wlfiUSD1 (USD1) $ 1.00
  • rainRain (RAIN) $ 0.008919
  • pepePepe (PEPE) $ 0.000007
  • bittensorBittensor (TAO) $ 294.12
  • memecoreMemeCore (M) $ 1.62
  • aaveAave (AAVE) $ 176.29
  • bitget-tokenBitget Token (BGB) $ 3.59
  • okbOKB (OKB) $ 115.40
  • nearNEAR Protocol (NEAR) $ 1.84
  • tether-goldTether Gold (XAUT) $ 4,463.22
  • falcon-financeFalcon USD (USDF) $ 0.997253
  • ethereum-classicEthereum Classic (ETC) $ 13.52
  • ethenaEthena (ENA) $ 0.261709
  • jito-staked-solJito Staked SOL (JITOSOL) $ 178.96
  • binance-peg-wethBinance-Peg WETH (WETH) $ 3,299.08
  • internet-computerInternet Computer (ICP) $ 3.54
  • aster-2Aster (ASTER) $ 0.800447
  • pi-networkPi Network (PI) $ 0.214116
  • worldcoin-wldWorldcoin (WLD) $ 0.647780
  • solanaWrapped SOL (SOL) $ 142.83
  • blackrock-usd-institutional-digital-liquidity-fundBlackRock USD Institutional Digital Liquidity Fund (BUIDL) $ 1.00
  • pax-goldPAX Gold (PAXG) $ 4,473.41
  • hash-2Provenance Blockchain (HASH) $ 0.029869
  • jupiter-perpetuals-liquidity-provider-tokenJupiter Perpetuals Liquidity Provider Token (JLP) $ 4.88
  • htx-daoHTX DAO (HTX) $ 0.000002
  • kucoin-sharesKuCoin (KCS) $ 11.63
  • hashnote-usycCircle USYC (USYC) $ 1.11
  • global-dollarGlobal Dollar (USDG) $ 0.999860
  • binance-staked-solBinance Staked SOL (BNSOL) $ 155.83
  • aptosAptos (APT) $ 2.01
  • pump-funPump.fun (PUMP) $ 0.002541
  • ondo-financeOndo (ONDO) $ 0.469289
  • skySky (SKY) $ 0.064115
  • syrupusdcsyrupUSDC (SYRUPUSDC) $ 1.15
  • kaspaKaspa (KAS) $ 0.053033
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.131353
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,811.54
  • ripple-usdRipple USD (RLUSD) $ 0.999797
  • wbnbWrapped BNB (WBNB) $ 921.09
  • bfusdBFUSD (BFUSD) $ 0.999406
  • midnight-3Midnight (NIGHT) $ 0.079229
  • arbitrumArbitrum (ARB) $ 0.226884
  • binance-bridged-usdc-bnb-smart-chainBinance Bridged USDC (BNB Smart Chain) (USDC) $ 0.999783
  • algorandAlgorand (ALGO) $ 0.145310
  • render-tokenRender (RENDER) $ 2.47
  • gatechain-tokenGate (GT) $ 10.67
  • cosmosCosmos Hub (ATOM) $ 2.53
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 3,504.36
  • filecoinFilecoin (FIL) $ 1.60
  • quant-networkQuant (QNT) $ 79.87
  • vechainVeChain (VET) $ 0.013163
  • official-trumpOfficial Trump (TRUMP) $ 5.62
  • bonkBonk (BONK) $ 0.000012
  • flare-networksFlare (FLR) $ 0.013042
  • ignition-fbtcFunction FBTC (FBTC) $ 94,159.00
  • xdce-crowd-saleXDC Network (XDC) $ 0.053841
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 94,467.00
  • janus-henderson-anemoy-aaa-clo-fundJanus Henderson Anemoy AAA CLO Fund (JAAA) $ 1.02
  • bridged-wrapped-lido-staked-ether-scrollBridged Wrapped Lido Staked Ether (Scroll) (WSTETH) $ 4,014.65
  • solv-btcSolv Protocol BTC (SOLVBTC) $ 94,213.00
  • nexoNEXO (NEXO) $ 1.00
  • myx-financeMYX Finance (MYX) $ 4.96
  • liquid-staked-ethereumLiquid Staked ETH (LSETH) $ 3,494.30
  • sei-networkSei (SEI) $ 0.134684
  • usddUSDD (USDD) $ 0.999846
  • mantle-staked-etherMantle Staked Ether (METH) $ 3,562.07
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.013427
  • usdtbUSDtb (USDTB) $ 1.00
  • ousgOUSG (OUSG) $ 113.87
  • lighterLighter (LIT) $ 3.21
  • wrappedm-by-m0WrappedM by M^0 (WM) $ 0.999789
  • jupiter-exchange-solanaJupiter (JUP) $ 0.238107
  • wrapped-flareWrapped Flare (WFLR) $ 0.013036
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 94,394.00
  • superstate-short-duration-us-government-securities-fund-ustbSuperstate Short Duration U.S. Government Securities Fund (USTB) (USTB) $ 10.95
  • bridged-usdc-polygon-pos-bridgePolygon Bridged USDC (Polygon PoS) (USDC.E) $ 0.999703
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 1.13
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 3,524.05
  • story-2Story (IP) $ 2.11
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 0.305534
  • pancakeswap-tokenPancakeSwap (CAKE) $ 2.11
  • syrupusdtsyrupUSDT (SYRUPUSDT) $ 1.11
  • clbtcclBTC (CLBTC) $ 95,172.00
  • beldexBeldex (BDX) $ 0.091458
  • blockstackStacks (STX) $ 0.380674
  • morphoMorpho (MORPHO) $ 1.28
  • ondo-us-dollar-yieldOndo US Dollar Yield (USDY) $ 1.10
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 165.89
  • stakewise-v3-osethStakeWise Staked ETH (OSETH) $ 3,477.94
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 3,300.72
  • optimismOptimism (OP) $ 0.340025
  • usdaiUSDai (USDAI) $ 1.00
  • curve-dao-tokenCurve DAO (CRV) $ 0.437466
  • tezosTezos (XTZ) $ 0.587157
  • polygon-pos-bridged-dai-polygon-posPolygon PoS Bridged DAI (Polygon POS) (DAI) $ 0.999715
  • kinetic-staked-hypeKinetiq Staked HYPE (KHYPE) $ 27.58
  • spx6900SPX6900 (SPX) $ 0.668645
  • injective-protocolInjective (INJ) $ 5.83
  • flokiFLOKI (FLOKI) $ 0.000060
  • dashDash (DASH) $ 45.98
  • aerodrome-financeAerodrome Finance (AERO) $ 0.629175
  • lido-daoLido DAO (LDO) $ 0.679524
  • c8ntinuumc8ntinuum (CTM) $ 0.130952
  • tbtctBTC (TBTC) $ 94,544.00
  • eutblSpiko EU T-Bills Money Market Fund (EUTBL) $ 1.22
  • usual-usdUsual USD (USD0) $ 0.999341
  • ether-fiEther.fi (ETHFI) $ 0.828845
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 3,301.84
  • celestiaCelestia (TIA) $ 0.610616
  • gtethGTETH (GTETH) $ 3,299.93
  • first-digital-usdFirst Digital USD (FDUSD) $ 0.999707
  • iotaIOTA (IOTA) $ 0.117254
  • ghoGHO (GHO) $ 0.999875
  • true-usdTrueUSD (TUSD) $ 0.997861
  • msolMarinade Staked SOL (MSOL) $ 192.85
  • ether-fi-liquid-ethEther.Fi Liquid ETH (LIQUIDETH) $ 3,565.51
  • starknetStarknet (STRK) $ 0.095507
  • stader-ethxStader ETHx (ETHX) $ 3,559.82
  • dogwifcoindogwifhat (WIF) $ 0.478699
  • wrapped-apecoinWrapped ApeCoin (WAPE) $ 0.235949
  • fasttokenFasttoken (FTN) $ 1.09
  • the-graphThe Graph (GRT) $ 0.043785
  • riverRiver (RIVER) $ 23.57
  • syrupMaple Finance (SYRUP) $ 0.397783
  • fartcoinFartcoin (FARTCOIN) $ 0.453647
  • chilizChiliz (CHZ) $ 0.044399
  • bittorrentBitTorrent (BTT) $ 0.00000045
  • doublezeroDoubleZero (2Z) $ 0.128627
  • jasmycoinJasmyCoin (JASMY) $ 0.008974
  • ethereum-name-serviceEthereum Name Service (ENS) $ 11.47
  • staked-aaveStaked Aave (STKAAVE) $ 176.55
  • conflux-tokenConflux (CFX) $ 0.083473
  • newton-projectAB (AB) $ 0.004510
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 3,694.25
  • pyth-networkPyth Network (PYTH) $ 0.073474
  • sbtc-2sBTC (SBTC) $ 93,336.00
  • bitcoin-svBitcoin SV (BSV) $ 21.00
  • chain-2Onyxcoin (XCN) $ 0.011382
  • kaiaKaia (KAIA) $ 0.071524
  • plasmaPlasma (XPL) $ 0.201453
  • justJUST (JST) $ 0.041565
  • usdbUSDB (USDB) $ 1.01
  • pendlePendle (PENDLE) $ 2.38
  • binance-peg-dogecoinBinance-Peg Dogecoin (DOGE) $ 0.156118
  • trust-wallet-tokenTrust Wallet (TWT) $ 0.951010
  • telcoinTelcoin (TEL) $ 0.004136
  • steakhouse-usdc-morpho-vaultSteakhouse USDC Morpho Vault (STEAKUSDC) $ 1.11
  • sun-tokenSun Token (SUN) $ 0.020251
  • gnosisGnosis (GNO) $ 144.90
  • sonic-3Sonic (S) $ 0.100498
  • wrapped-stx-velarWrapped STX (Velar) (WSTX) $ 0.371244
  • galaGALA (GALA) $ 0.007881
  • apenftAINFT (NFT) $ 0.00000037
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 94,151.00
  • benqi-liquid-staked-avaxBENQI Liquid Staked AVAX (SAVAX) $ 18.35
Bitcoin

SlowMist Details How a Fake Bot Was Used to Steal a Trader’s SOL

By admin
0 58

SlowMist Details How a Fake Bot Was Used to Steal a Trader’s SOL

  • The attacker accessed sensitive wallet information and transferred stolen crypto assets to the FixedFloat exchange.
  • The attacker used both social engineering and complex technical maneuvers using JavaScript (Node.js).
  • Exercising extra caution while dealing with unfamiliar GitHub projects is prudent for all crypto investors.

A memecoin trader on the Solana (SOL) network using the Pump.fun launchpad lost funds in a sophisticated attack orchestrated through GitHub. Earlier this month, a crypto investor, who is the victim, informed the SlowMist team of the attack that resulted in a loss of 0.9897 SOL, currently worth around $149 as the Solana price hovers around $151.6 on Tuesday, July 8.

According to on-chain analysis conducted by the SlowMist team, the attacker sent the stolen funds to FixedFloat, a non-custodial cryptocurrency exchange that is fully automated.

SlowMist Details How a Fake Bot Was Used to Steal a Trader’s SOL

Closer Look at the Attack on the Pump.fun Trader

Following an analysis of the GitHub repositories uploaded by the attacker, the SlowMist team found out that the Solana Pump.fun bot used JavaScript (Node.js) with witty social engineering techniques.

The attacker embedded the malicious code in a differently named file and used obfuscation techniques using the jsjiami.com.v7.

SlowMist Details How a Fake Bot Was Used to Steal a Trader’s SOL

The sophisticated attack method revealed the wallet details of the victim, which included sensitive information such as security keys. As a result, the attacker managed to silently siphon the funds to their wallet addresses.

“After de-obfuscation, we confirmed that this was indeed a malicious NPM package. The attacker had embedded logic within crypto-layout-utils-1.3.1to scan the victim’s local files. If it detected wallet-related content or private keys, it would upload this sensitive information to a server controlled by the attacker — githubshadow.xyz,” the SlowMist team explained.

The attacker also replicated the malicious package to their other GitHub accounts, which potentially increased the number of victims. Additionally, the attacker increased the credibility of the malicious NPM packages through inflated number of stars and forks.

SlowMist Details How a Fake Bot Was Used to Steal a Trader’s SOL

A Critical Takeaway for Bot Users

The automated cryptocurrency trading has gained more traction globally through the democratization of digital assets made possible through decentralized financial (DeFi) protocols. The Pump.fun platform is not legally liable for any loss recorded through third party extension bots.

As a result, it is incumbent upon all memecoin traders seeking to automate via external bots to proceed with extra caution. Meanwhile, the existence of more memecoin launchpads, led by LetsBONK.fun will compel developers to increase their security features, potentially to detect such malicious attacks before damage is done.

Source

admin 16767 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.