Solana Wallet Hit by Malicious NPM Package Attack That Hides Private Key Theft Functionality
Solana user assets stolen, malicious NPM package hides Private Key theft functionality
In early July 2025, a cryptocurrency user sought help from the security team, stating that their wallet assets had been stolen after they used an open-source GitHub project called solana-pumpfun-bot. An in-depth investigation revealed a carefully planned attack.
Investigators first examined the GitHub project and found that its commit timestamps were unusually clustered, with none of the steady, ongoing updates typical of a maintained project. Analysis of the project's dependencies then turned up a suspicious third-party package, crypto-layout-utils. The package had been removed from the official NPM registry, and the version the project specified does not appear in the registry's version history.
Examining the package-lock.json file showed that the attacker had replaced the download link for crypto-layout-utils with a file hosted in a GitHub repository. The substituted package was heavily obfuscated, which made analysis harder. It was ultimately confirmed to be a malicious NPM package that scans the user's computer for sensitive files and uploads any wallet private keys it finds to an attacker-controlled server.
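The lockfile substitution described above is easy to check for mechanically: every `resolved` URL in package-lock.json should point at the official npm registry and carry an `integrity` hash. The following scanner is an added example, not code from the article or the investigating team; the lockfile fragment, package versions, hostname and integrity value in it are constructed for illustration.

```javascript
// Added example: flag package-lock.json entries whose tarball was not resolved
// from the official npm registry, or that lack an integrity hash. This is the
// pattern a swapped dependency such as crypto-layout-utils leaves behind.
const REGISTRY_HOSTS = new Set(["registry.npmjs.org"]);

// Constructed lockfile (v3 layout): one legitimate entry and one whose
// "resolved" URL points at a GitHub-hosted tarball. All values are made up.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "example-bot",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", dependencies: { bs58: "^5.0.0", "crypto-layout-utils": "1.3.1" } },
    "node_modules/bs58": {
      version: "5.0.0",
      resolved: "https://registry.npmjs.org/bs58/-/bs58-5.0.0.tgz",
      integrity: "sha512-constructedPlaceholderHash"
    },
    "node_modules/crypto-layout-utils": {
      version: "1.3.1",
      resolved: "https://github.com/example-placeholder-org/crypto-layout-utils/releases/download/v1.3.1/crypto-layout-utils-1.3.1.tgz"
      // no integrity field: npm does not record one for such URL-sourced tarballs
    }
  }
});

// Returns a list of { name, version, reasons } for every suspicious entry.
function findSuspiciousEntries(lockfileText) {
  const lock = JSON.parse(lockfileText);
  // lockfileVersion 2/3 list installed packages under "packages" (keyed by
  // path); lockfileVersion 1 lists them under "dependencies" (keyed by name).
  // Nested v1 dependencies are not recursed into here.
  const entries = lock.packages
    ? Object.entries(lock.packages).filter(([path]) => path !== "")
    : Object.entries(lock.dependencies || {});
  const findings = [];
  for (const [key, meta] of entries) {
    const name = key.replace(/^.*node_modules\//, "");
    const reasons = [];
    if (!meta.resolved) {
      reasons.push("no resolved URL recorded");
    } else {
      let host = null;
      try { host = new URL(meta.resolved).hostname; } catch (e) { host = null; }
      if (!host || !REGISTRY_HOSTS.has(host)) reasons.push(`resolved from non-registry host: ${host}`);
    }
    if (!meta.integrity) reasons.push("missing integrity hash");
    if (reasons.length > 0) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}
```

Run the same function over a real lockfile by replacing the constructed text with `fs.readFileSync("package-lock.json", "utf8")`; any hit deserves a manual look before `npm install` is ever run.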
The investigation also found that the attackers likely controlled multiple GitHub accounts, which they used both to distribute the malware and to lend the project credibility: forking and starring the project raised its apparent popularity and enticed more users to download and run it. Some of the forks used another malicious package, bs58-encrypt-utils-1.0.3.
The attack combined social engineering with technical means and was highly deceptive. The attackers posed as a legitimate open-source project and exploited users' trust in GitHub projects to get them to download and run code with malicious dependencies, which ultimately leaked the private key and led to the theft of assets.
Security experts recommend that developers and users remain highly vigilant towards GitHub projects of unknown origin, especially ones that handle wallets or private keys. If debugging such a project is necessary, do it in an isolated environment that contains no sensitive data.
This incident highlights the security challenges facing the open-source community. It is a reminder to take extra care when using third-party code, and a call for stronger security oversight of the open-source ecosystem.