GitHub | Crypto

GitHub said the activity involved the exfiltration of about 3,800 internal repositories, and it removed the malicious code extension. GitHub said on Wednesday it is investigating unauthorized access to its internal repositories following the compromise of an employee's device.  “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories, we are closely monitoring our infrastructure for follow-on activity,” the developer platform said in a statement. In a subsequent post, GitHub said it detected and contained a compromise of an employee device involving a poisoned VS Code extension on Tuesday. “We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” it added.  Read more

On Apr. 22, a malicious version of Bitwarden's command-line interface appeared on npm under the official package name @bitwarden/cli@2026.4.0. For 93 minutes, anyone who pulled the CLI through npm received a backdoored substitute for the legitimate tool. Bitwarden detected the compromise, removed the package, and issued a statement saying it found no evidence that attackers […] The post Installing ‘official’ crypto tool turned laptops into launchpads to hijack GitHub accounts appeared first on CryptoSlate.

Security researchers said attackers are impersonating OpenClaw on GitHub, luring developers with bogus CLAW token giveaways that trick users into connecting their crypto wallets.

A fake GitHub repository posing as a Solana trading bot was used to distribute obscured malware that stole crypto wallet credentials, according to cybersecurity firm SlowMist. A GitHub repository posing as a legitimate Solana trading bot has been exposed for reportedly hiding crypto-stealing malware. According to a Friday report by blockchain security firm SlowMist, the now-deleted solana-pumpfun-bot repository hosted by account “zldp2002” mimicked a real open-source tool to harvest user credentials. SlowMist reportedly launched the investigation after a user found that their funds had been stolen on Thursday. The malicious GitHub repository in question featured “a relatively high number of stars and forks,” SlowMist said. All code commits across all its directories were made about three weeks ago, with apparent irregularities and a lack of consistent pattern that, according to SlowMist, would indicate a legitimate project. Read more

Hype moves fast, but real crypto innovation is quieter. Use GitHub, Discord and X to spot legitimate projects before they moon or rug. Real crypto projects show consistent GitHub activity, open development and active contributors, not abandoned repos or marketing fluff. Discord can reveal a project’s true momentum through developer interaction, roadmap updates and community-led feedback. X offers direct access to protocol founders and devs; follow conversations, not influencers, to catch real signals early. Read more