Malicious Solana GitHub repo used crypto-themed social engineering and obfuscated NPM packages to steal wallet keys, SlowMist finds. Attackers lured users with a popular trading bot repository, concealed malware in fake dependencies, and exfiltrated private keys to a spoofed server — leading to asset theft across multiple cloned forks.