web3.0
Slow Mist Cosine: The open source project Solana Sniper Bot has a hidden backdoor that can steal users' private keys
Slow Mist Cosine: The open source project Solana Sniper Bot has a hidden backdoor that can steal users' private keys
Blockchain security researcher dm tweeted on the 20th to warn, be careful when downloading and running Web3 projects on Github. He accidentally discovered an open source project called Solana Sniper Bot, which targets It steals the user's Solana private key, encodes checkrug.py in a base64/zlib loop, and then executes it secretly.
Yu Xian, the founder of the blockchain security company Slow Mist, shared the tweet and added that in short, the open source Bot hides the private key backdoor code. If the user is not familiar with the code, he will see fancy code (garbled code) You need to be vigilant, because there may be something fishy hidden in it: Crypto pays attention to open source, and if it is open source, it is eager to provide highly readable code, who will bother with these fancy codes. In addition, the author seems to have deleted the backdoor file. Players who have downloaded and used this bot can contact us.
The installer private key will be sent to Discord
X platform user Greysign shared the picture and pointed out that the author of Solana Sniper Bot submitted checkrug.py on Github not long ago, and you can see it after opening it It is a binary and encrypted file. The decryption function is placed in main.py. After the data is decrypted for the first time, it is a decryption algorithm, and it needs to go through countless layers of decryption.
Solana Sniper Bot hidden trap
It can be seen after decryption. The author will eventually transfer the user's private key to Discord. Greysign pointed out that he went to Github to report it. , left a message saying that there was malicious code, but was deleted by the author. Later, the author deleted the backdoor, but is working hard to update it: as more people use it, backdoors may be added at any time. Be sure to stay away from code libraries with a dark history.
The user’s private key will be transferred to Discord
The above is the detailed content of Slow Mist Cosine: The open source project Solana Sniper Bot has a hidden backdoor that can steal users' private keys. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What are the recommended websites for virtual currency app software?
Mar 31, 2025 pm 09:06 PM
This article recommends ten well-known virtual currency-related APP recommendation websites, including Binance Academy, OKX Learn, CoinGecko, CryptoSlate, CoinDesk, Investopedia, CoinMarketCap, Huobi University, Coinbase Learn and CryptoCompare. These websites not only provide information such as virtual currency market data, price trend analysis, etc., but also provide rich learning resources, including basic blockchain knowledge, trading strategies, and tutorials and reviews of various trading platform APPs, helping users better understand and make use of them
How to calculate the transaction fee of gate.io trading platform?
Mar 31, 2025 pm 09:15 PM
The handling fees of the Gate.io trading platform vary according to factors such as transaction type, transaction pair, and user VIP level. The default fee rate for spot trading is 0.15% (VIP0 level, Maker and Taker), but the VIP level will be adjusted based on the user's 30-day trading volume and GT position. The higher the level, the lower the fee rate will be. It supports GT platform coin deduction, and you can enjoy a minimum discount of 55% off. The default rate for contract transactions is Maker 0.02%, Taker 0.05% (VIP0 level), which is also affected by VIP level, and different contract types and leverages
How to obtain the shipping region data of the overseas version? What are some ready-made resources available?
Apr 01, 2025 am 08:15 AM
Question description: How to obtain the shipping region data of the overseas version? Are there ready-made resources available? Get accurate in cross-border e-commerce or globalized business...
Python hourglass graph drawing: How to avoid variable undefined errors?
Apr 01, 2025 pm 06:27 PM
Getting started with Python: Hourglass Graphic Drawing and Input Verification This article will solve the variable definition problem encountered by a Python novice in the hourglass Graphic Drawing Program. Code...
Typecho route matching conflict: Why is my /test/tag/his/10086 matching TestTagIndex instead of TestTagPage?
Apr 01, 2025 am 09:03 AM
Typecho routing matching rules analysis and problem investigation This article will analyze and answer questions about the inconsistent results of the Typecho plug-in routing registration and actual matching results...
Which libraries in Go are developed by large companies or provided by well-known open source projects?
Apr 02, 2025 pm 04:12 PM
Which libraries in Go are developed by large companies or well-known open source projects? When programming in Go, developers often encounter some common needs, ...
How to withdraw Ouyi okex currency?
Mar 31, 2025 pm 09:33 PM
This article introduces in detail the steps and preparations for withdrawing OKX digital currency. First of all, it is necessary to ensure that account registration, real-name authentication has been completed, and sufficient withdrawal balance has been established. Secondly, be sure to prepare an accurate external storage address. The article then gradually explained the operation steps such as logging in to the account, entering the withdrawal page, selecting currency, filling in withdrawal information (including address, quantity, handling fee), confirming withdrawal and viewing withdrawal records, and emphasized the necessity of checking the information to avoid asset losses.
How to decode binary data of the on-board GPS positioning terminal and obtain positioning information?
Apr 01, 2025 pm 06:18 PM
Difficulty of data decoding of vehicle GPS positioning terminals I have an in-vehicle GPS positioning terminal that has successfully activated and set up the IP and terminal. However, on the server side, the...