How to use GitHub and not lose cryptocurrency. Developer Guide
Repositories with hidden malicious code that gives hackers the keys to crypto wallets have been discovered on the hosting platform
04.07.2025
Hackers have learned how to use the largest IT hosting platform, GitHub, to spread malicious code and steal digital assets stealthily. GetBlock AML Research provides a concrete example to show why developers should be cautious.
Previously, GitHub hosted a repository, zldp2002/solana-pumpfun-bot, that contained the source code for a bot to automate transactions on the popular Pumpfun launchpad. However, users who ran this source code lost the cryptocurrency stored in their wallets. This happened because malicious elements were hidden in the source code that even an experienced developer might not notice.
Repository with malicious code on GitHub
How malicious code is hidden
Link to malicious external package crypto-layout-utils
The solana-pumpfun-bot project is built on Node.js and references a suspicious external package, crypto-layout-utils, which has already been removed from the official NPM registry. Another suspicious feature was found in the package-lock.json file: the project’s author replaced the link to the NPM source of crypto-layout-utils with a different URL (do not download the malicious file!).
[Photo 3. Changed link to download the malicious package in the package-lock.json file]
The crypto-layout-utils package code is encrypted, so it cannot simply be read. Once decrypted, it is clear that the code scans the developer’s device for crypto wallets and then steals assets. All sensitive information detected on the victim’s device was transmitted to the hacker’s server, githubshadow.xyz.
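The lockfile change described above can be checked for before installing anything. The following is an added example, not code from the article or the repository: npm records each package's download URL in the lockfile's `resolved` field, and the function name, the `registry.npmjs.org` allow-list and the sample lockfile (including its placeholder URL) are assumptions made for the illustration.

```javascript
// Added example: audit a parsed package-lock.json for packages fetched from
// anywhere other than the official npm registry.
const REGISTRY_HOST = "registry.npmjs.org";

function findNonRegistrySources(lock) {
  const findings = [];
  const check = (name, entry) => {
    // Root, bundled and workspace-link entries carry no download URL.
    if (!entry || entry.link || typeof entry.resolved !== "string") return;
    let reason = null;
    try {
      const url = new URL(entry.resolved);
      if (url.protocol !== "https:") reason = `non-HTTPS source ${url.protocol}`;
      else if (url.hostname !== REGISTRY_HOST) reason = `unexpected host ${url.hostname}`;
    } catch {
      reason = "unparseable source";
    }
    if (reason) findings.push({ name, resolved: entry.resolved, reason });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by node_modules path.
    for (const [path, entry] of Object.entries(lock.packages)) {
      check(path.replace(/^.*node_modules\//, ""), entry);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        check(name, entry);
        walk(entry.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return findings;
}

// Constructed sample lockfile; the non-registry URL is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "solana-pumpfun-bot", version: "1.0.0" },
    "node_modules/bs58": { resolved: "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz" },
    "node_modules/crypto-layout-utils": { resolved: "https://example.invalid/crypto-layout-utils-0.0.0.tgz" },
  },
};

console.log(findNonRegistrySources(SAMPLE_LOCK));
```

Run it against `JSON.parse` of the repository's package-lock.json before `npm install`; any finding means a dependency would be downloaded from a source the registry does not control.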
Repository author profile
Analysis of the project author’s profile shows that he controlled a batch of accounts that distributed repositories with malicious code. These accounts were also used to manipulate the ratings of the malicious repositories.
| Detected malicious repositories |
| --- |
| 2723799947qq2022/solana-pumpfun-bot |
| 2kwkkk/solana-pumpfun-bot |
| 790659193qqch/solana-pumpfun-bot |
| 7arlystar/solana-pumpfun-bot |
| 918715c83/solana-pumpfun-bot |
| AmirhBeigi7zch6f/solana-pumpfun-bot |
| asmaamohamed0264/solana-pumpfun-bot |
| bog-us/solana-pumpfun-bot |
| edparker89/solana-pumpfun-bot |
| ii4272/solana-pumpfun-bot |
| ijtye/solana-pumpfun-bot |
| iwanjunaids/solana-pumpfun-bot |
| janmalece/solana-pumpfun-bot |
| kay2x4/solana-pumpfun-bot |
| lan666as2dfur/solana-pumpfun-bot |
| loveccat/solana-pumpfun-bot |
| lukgria/solana-pumpfun-bot |
| mdemetrial26rvk9w/solana-pumpfun-bot |
| oumengwas/solana-pumpfun-bot |
| pangxingwaxg/solana-pumpfun-bot |
| Rain-Rave5/solana-pumpfun-bot |
| wc64561673347375/solana-pumpfun-bot |
| wj6942/solana-pumpfun-bot |
| xnaotutu77765/solana-pumpfun-bot |
| yvagSirKt/solana-pumpfun-bot |
| VictorVelea/solana-copy-bot |
| Morning-Star213/Solana-pumpfun-bot |
| warp-zara/solana-trading-bot |
| harshith-eth/quant-bot |