Solana users hit by private key theft, with malicious npm packages as the culprit
In early July 2025, a theft targeting Solana users drew the attention of security researchers. The victim had used an open-source project hosted on GitHub called solana-pumpfun-bot, after which their crypto assets were stolen.
When the security team investigated, it found that although the project had a high number of Stars and Forks, its commit timestamps were unusually concentrated and it lacked the continuous-update history of a genuinely maintained project. Further analysis revealed that the project depended on a suspicious third-party package, crypto-layout-utils, which had already been removed from the npm registry.
Investigators found that the attacker had replaced the download URL for crypto-layout-utils in the package-lock.json file with a link to a GitHub repository; because npm installs whatever the lockfile's resolved field points to, the package was fetched from there instead of from the registry. That version is heavily obfuscated and is in fact a malicious npm package that scans the user's computer for sensitive files and uploads any content containing private keys to a server controlled by the attacker.
The attacker may also have controlled multiple GitHub accounts to fork the malicious project and inflate its apparent credibility. In addition to crypto-layout-utils, another malicious package, bs58-encrypt-utils, was found to be involved in the attack.
Using on-chain analysis tools, the security team traced part of the stolen funds to a trading platform.
This incident highlights the hidden security risks in open-source projects. Attackers pose as legitimate projects and, through a combination of social engineering and technical tricks, lure users into running code with malicious dependencies, resulting in private key leaks and asset losses.
Security experts advise developers and users to remain highly vigilant about unfamiliar GitHub projects, especially those that handle wallets or private keys. If such code must be run or debugged, do so in an isolated environment that holds no sensitive data.
This incident involves multiple malicious GitHub repositories and npm packages, and the security team has compiled the relevant indicators for reference. As attack methods continue to evolve, users should exercise extra caution when using open-source projects to guard against similar threats.