SlowMist
SlowMist|Jul 22, 2025 03:57
In early July, SlowMist investigated a crypto theft caused by a malicious GitHub project: zldp2002/solana-pumpfun-bot. More recently, a similar repo — audiofilter/pumpfun-pumpswap-sniper-copy-trading-bot — was found stealing private keys from .env files and sending them to an attacker-controlled server. 🎭 These attacks often rely on social engineering. Developers and users: stay alert when using unknown GitHub tools, especially those involving wallets or keys. ⚠️ Run only in isolated environments without sensitive data. ✍️ Full analysis: https://slowmist.medium.com/threat-intelligence-an-analysis-of-a-malicious-solana-open-source-trading-bot-ab580fd3cc89 (SlowMist)