Wu Shuo learned that the SlowMist security team has revealed that the popular GitHub open-source project "solana pumpfun bot" has hidden coin theft traps, and the victims' wallet assets were stolen after running the project. The attacker implanted malicious code in the dependency package, scanned and uploaded the user's private key to the control server, and the relevant address funds have flowed into FixeFloat. This project enhances credibility by increasing the number of Star and Fork scans, inducing more users to download and run. Similar malicious behavior has also been found in some Fork projects. SlowMist recommends developers to use GitHub tools from unknown sources with caution, and wallet operations should be run in an independent environment without sensitive data. http://(wublock123.com)/index.php? m=content&c=index&a=show&catid=6&id=44998