- Topic
65k Popularity
40k Popularity
33k Popularity
33k Popularity
75k Popularity
- Pin
- 🎉 The #CandyDrop Futures Challenge# is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win. - 📢 Gate Square Exclusive: #WXTM Creative Contest# Is Now Live!
Celebrate CandyDrop Round 59 featuring MinoTari (WXTM) — compete for a 70,000 WXTM prize pool!
🎯 About MinoTari (WXTM)
Tari is a Rust-based blockchain protocol centered around digital assets.
It empowers creators to build new types of digital experiences and narratives.
With Tari, digitally scarce assets—like collectibles or in-game items—unlock new business opportunities for creators.
🎨 Event Period:
Aug 7, 2025, 09:00 – Aug 12, 2025, 16:00 (UTC)
📌 How to Participate:
Post original content on Gate Square related to WXTM or its
Warning: New Fake GitHub Trading Bot is Draining Solana Wallets
The cybersecurity company SlowMist has issued a warning after a user lost their cryptoassets by downloading something that looked like a legitimate Solana trading bot. The project named "solana-pumpfun-bot" claims to help users trade tokens on Pump.fun, a popular platform in the Solana ecosystem. But instead, it drained the user's wallet. Bots are innocent with a dangerous turn. Users downloaded an open-source bot from GitHub, ran it, and shortly after, their wallets were completely wiped out. At first glance, the project looks normal. It has stars, branches, and even recent commits. The project is a Node.js application that includes a hidden dependency - a package linked from a custom GitHub URL instead of the official NPM registry. This allows the malicious package to bypass NPM's security checks, making detection more difficult. After installation, the code will scan the victim's system to find wallet data and send their private keys to a remote server controlled by the attacker. To appear safe, the attacker used a fake GitHub account to clone and branch the project, giving it the appearance of being widely used. However, according to SlowMist, the entire codebase was uploaded just three weeks ago, which is a clear sign that something is wrong. In a tweet, SlowMist explained: "The perpetrator disguised a malicious program as a legitimate open-source project... users inadvertently ran a Node.js project that embedded malicious dependencies, exposing private keys and losing cryptoassets." Important warning for developers and traders SlowMist advises users to never blindly trust GitHub projects, especially those that require wallet access or handle private keys. If you need to test such tools, do so in a sandbox environment rather than with your real assets. The research team warns: "If you must test them, do so in an isolated environment, with a sandbox and without sensitive data." Why is this important? As more and more traders and developers rely on open-source tools in the crypto space, attacks like these are becoming harder to detect. The key point here is very simple: if a GitHub project relates to your wallet, consider it a high-risk project!