Solana users hit by private key theft, with malicious NPM packages as the culprit
In early July 2025, a theft targeting Solana users caught the attention of security experts. The victim had used an open-source project hosted on GitHub called solana-pumpfun-bot, after which their crypto assets were stolen.
The security team's investigation found that although the project had a high number of Stars and Forks, its code commits were unusually concentrated in time and lacked the characteristics of continuous updates. Further analysis revealed that the project relied on a suspicious third-party package, crypto-layout-utils, which has since been officially removed from NPM.
Investigators found that the attacker had replaced the download link for crypto-layout-utils in the package-lock.json file with a link to a version hosted in a GitHub repository. This version is heavily obfuscated and is in fact a malicious NPM package: it scans sensitive files on the user's computer and uploads content containing private keys to a server controlled by the attacker.
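The lockfile swap described above can be caught before `npm install` by checking where each locked dependency is downloaded from. The following is an added example, not code from the investigation or the affected project: it audits a lockfileVersion 2 or 3 package-lock.json and reports entries whose `resolved` URL is not on the npm registry. The function name `auditLockfile`, the sample lockfile, and the GitHub URL in it are constructed placeholders.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) for
// dependencies that npm would fetch from somewhere other than the registry.
const TRUSTED_HOSTS = new Set(["registry.npmjs.org"]); // assumption: no private registry

function auditLockfile(lock) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 (no 'packages' map)");
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Skip the root project, workspace symlinks and bundled deps (no download URL).
    if (path === "" || entry.link || typeof entry.resolved !== "string") continue;
    const name = path.split("node_modules/").pop();
    let host = null;
    try {
      // Git dependencies are recorded as git+https:// or git+ssh:// URLs.
      host = new URL(entry.resolved.replace(/^git\+/, "")).hostname;
    } catch (_) {
      // Unparsable value: leave host as null so it is reported below.
    }
    if (!TRUSTED_HOSTS.has(host)) {
      findings.push({ name, resolved: entry.resolved, reason: "resolved outside the trusted registry" });
    } else if (!entry.integrity) {
      findings.push({ name, resolved: entry.resolved, reason: "registry tarball without integrity hash" });
    }
  }
  return findings;
}

// Constructed sample lockfile; the URL, account, repository and versions are placeholders.
const SAMPLE_LOCK = {
  name: "example-bot",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0" },
    "node_modules/example-lib": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/crypto-layout-utils": {
      version: "0.0.0",
      resolved: "https://github.com/EXAMPLE-ACCOUNT/EXAMPLE-REPO/releases/download/v0.0.0/crypto-layout-utils-0.0.0.tgz",
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}: ${f.reason} -> ${f.resolved}`);
}
```

A finding here is a prompt for manual review rather than proof of compromise, since some projects legitimately pin git or tarball dependencies.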
The attacker may also have controlled multiple GitHub accounts to fork the malicious projects and boost their credibility. In addition to crypto-layout-utils, another malicious package named bs58-encrypt-utils was found to be involved in the attack.
Through on-chain analysis tools, the security team traced some of the stolen funds to a certain trading platform.
This incident highlights the hidden security risks in open-source projects. Attackers disguised malicious code as a legitimate project and, through a combination of social engineering and technical means, lured users into running code with malicious dependencies, resulting in private key leaks and asset losses.
Security experts advise developers and users to remain highly vigilant about unknown GitHub projects, especially when they involve wallet or private key operations. If debugging is necessary, it is best to do so in a separate environment without sensitive data.
This incident involves multiple malicious GitHub repositories and NPM packages, and the security team has compiled relevant information for reference. As attack methods continue to evolve, users should exercise extra caution when using open-source projects to guard against potential security threats.