Solana Wallet Hit by Malicious NPM Package Attack Hiding Private Key Theft Functionality
Solana user assets stolen; malicious NPM package hides private key theft functionality
In early July 2025, a cryptocurrency user sought help from the security team, stating that their wallet assets were stolen after using an open-source project on GitHub called solana-pumpfun-bot. After an in-depth investigation, security experts revealed a meticulously planned attack.
Investigators first examined the GitHub project and found that its commit timestamps were unusually clustered, lacking the pattern of ongoing development. Further analysis of the project dependencies revealed a suspicious third-party package called crypto-layout-utils. This package has since been removed from the official NPM registry, and the version the project pinned never appeared in the official release history.
By examining the package-lock.json file, experts found that the attacker had replaced the download link for crypto-layout-utils with a file hosted in a GitHub repository, so that npm install fetched the attacker's tarball instead of a registry package. This substituted package was heavily obfuscated, increasing the difficulty of analysis. It was ultimately confirmed to be a malicious NPM package that scans the user's computer for sensitive files and uploads any discovered wallet private keys to a server controlled by the attacker.
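As an added example (not code from the article or from the investigated project), a small Python checker that flags package-lock.json entries whose tarball does not resolve from the official npm registry, which is the substitution the article describes; the sample lockfile, the account and repository names and the version strings are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Hosts a lockfile entry may legitimately resolve from (assumption: only the official registry).
TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}


def find_offregistry_deps(lock_text: str) -> list:
    """Return lockfile packages whose 'resolved' URL does not point at a trusted registry."""
    lock = json.loads(lock_text)
    findings = []

    def check(name, meta):
        resolved = meta.get("resolved")
        if not resolved:
            return  # workspace/link entries carry no resolved URL
        host = urlparse(resolved).hostname or ""
        if host not in TRUSTED_REGISTRY_HOSTS:
            findings.append({"name": name, "version": meta.get("version"), "resolved": resolved})

    # lockfileVersion 2/3: "packages" keyed by path such as "node_modules/a/node_modules/b"
    for path, meta in lock.get("packages", {}).items():
        if path:  # the empty key is the root project itself
            check(path.rsplit("node_modules/", 1)[-1], meta)

    # lockfileVersion 1: nested "dependencies" tree keyed by package name
    def walk(deps):
        for name, meta in deps.items():
            check(name, meta)
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return findings


# Constructed sample lockfile (not the real project's): one entry from the official registry and one
# whose tarball was redirected to a GitHub-hosted file. Account, repo and version strings are placeholders.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-bot", "version": "1.0.0"},
        "node_modules/bs58": {"version": "5.0.0",
                              "resolved": "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz"},
        "node_modules/crypto-layout-utils": {"version": "0.0.0-placeholder",
                                             "resolved": "https://github.com/EXAMPLE-ACCOUNT/example-repo/raw/main/crypto-layout-utils.tgz"},
    },
})

if __name__ == "__main__":
    for f in find_offregistry_deps(SAMPLE_LOCK):
        print(f"OFF-REGISTRY: {f['name']}@{f['version']} -> {f['resolved']}")
```

Running it against a real lockfile before `npm install` surfaces exactly the kind of redirected `resolved` URL that let the attacker's tarball replace the registry package.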
The investigation also found that the attackers may have controlled multiple GitHub accounts to distribute the malware and to bolster the project's credibility. They inflated the project's popularity by forking and starring it, enticing more users to download and run it. Some forked projects also used another malicious package, bs58-encrypt-utils-1.0.3.
This attack combined social engineering with technical means and was highly deceptive. The attackers posed as a legitimate open-source project, exploiting users' trust in GitHub projects to trick them into downloading and running code with malicious dependencies, which ultimately leaked the private key and led to the theft of assets.
Security experts recommend that developers and users remain highly vigilant towards GitHub projects of unknown origin, especially when they involve wallet or private key operations. If debugging such a project is necessary, it is best to do so in an isolated environment that contains no sensitive data.
This event highlights the security challenges faced by the open-source community, reminding us to exercise extra caution when using third-party code, while also calling for strengthened security oversight of the open-source ecosystem.