Malicious GitHub projects impersonating Solana bots lead to users' crypto assets being stolen
[Bit Push] According to monitoring by the security team, on July 2 a victim reported that their crypto assets had been stolen after they used an open source project hosted on GitHub, zldp2002/solana-pumpfun-bot, the day before. Analysis shows that in this attack, the attacker posed as a legitimate open source project (solana-pumpfun-bot) to lure users into downloading and running malicious code. With the project's popularity boosted as cover, users unsuspectingly ran a Node.js project carrying malicious dependencies, which led to the leak of their wallet private keys and the theft of their assets. The entire attack chain involved multiple GitHub accounts working together, which widened the spread and lent credibility, making it highly deceptive. Such attacks also combine social engineering with technical means, making them difficult to fully defend against within organizations.
Developers are advised to be highly cautious of unknown GitHub projects, especially when wallet or private key operations are involved. If debugging is necessary, it is recommended to run and debug in a separate machine environment that does not contain sensitive data.
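A pre-run check for the kind of Node.js project described above, as an added example that is not part of the original report: it reads a package-lock.json (the lockfile v2/v3 `packages` map) and flags dependencies that are not resolved from the official npm registry, lack an integrity hash, or declare install scripts. The sample lockfile, package names and URLs are constructed, and treating only registry.npmjs.org as the expected source is an assumption.

```javascript
// Added example: review a cloned Node.js project's lockfile before running it.
const OFFICIAL_REGISTRY = "https://registry.npmjs.org/"; // assumption: only expected source

// Returns one finding per package that is not resolved from the official
// registry, has no integrity hash, or declares install-time scripts.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link) continue; // skip root project and workspace links
    const name = path.replace(/^.*node_modules\//, "");
    const reasons = [];
    if (!pkg.resolved || !pkg.resolved.startsWith(OFFICIAL_REGISTRY)) {
      reasons.push(`non-registry source: ${pkg.resolved || "(none)"}`);
    }
    if (!pkg.integrity) reasons.push("no integrity hash");
    if (pkg.hasInstallScript) reasons.push("runs install script");
    if (reasons.length) findings.push({ name, version: pkg.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile (package names and URLs are hypothetical).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", version: "1.0.0" },
    "node_modules/left-helper": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/left-helper/-/left-helper-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/wallet-utils-example": {
      version: "1.0.3",
      resolved: "https://github.example/releases/wallet-utils-example-1.0.3.tgz",
      hasInstallScript: true,
    },
  },
};

// Audit the lockfile given as argv[2], or the constructed sample if none is given.
function main() {
  let lock = SAMPLE_LOCK;
  if (typeof require !== "undefined" && process.argv[2]) {
    lock = JSON.parse(require("fs").readFileSync(process.argv[2], "utf8"));
  }
  for (const f of auditLockfile(lock)) {
    console.log(`${f.name}@${f.version}: ${f.reasons.join("; ")}`);
  }
}
main();
```

A flagged entry is a prompt to read that dependency's source before anything is installed or executed, not proof of malice; projects that use a private registry mirror will need `OFFICIAL_REGISTRY` adjusted.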