Public security warning and OSINT evidence index about Soldrift, the Telegram handle @devbeast5775, related GitHub traces, Solana bot tooling, wallet/private-key exposure risk, drain-tool risk, phishing-tool risk, malicious backdoor-system risk, and high-risk trading bot distribution patterns tracked since May 2026.
This repository exists to warn Solana users, Web3 builders, token launch teams, traders, server owners, and developers before they grant access to wallets, private keys, GitHub repositories, VPS servers, RPC credentials, gRPC tokens, exchange API keys, or trading infrastructure to unknown bot vendors.
- Name / public identifier: Soldrift
- Primary Telegram handle:
@devbeast5775 - Telegram URL:
t.me/devbeast5775 - Related public traces to monitor:
whistledev411,@whistle,@soldrift - Solscan wallet lead:
EfwJn8cXCYhcGrsavxWSDbUFHPrCK9gvdCr6AVywFBPg - Exchange-linked label observed in submitted evidence: KuCoin 2
- Tracking period: May 2026 onward
- Time standard: UTC
The full public report is published as a single-page multilingual OSINT security warning index.
Website contents include:
- Scam, drain, and phishing-tool warning
- Solana ecosystem security notice
- Telegram
@devbeast5775identifier emphasis - GitHub trace and alias-cluster monitoring
- Soldrift / whistledev411 / @whistle / @soldrift tracking notes
- Solscan wallet lead documentation
- KuCoin-linked transfer-row lead
- HFT, sniper, arbitrage, MEV, copy-trading, Raydium, Dexscreener, Pump.fun, PumpSwap, Meteora, Orca, Jupiter, Polymarket, Axiom, and casino-bot risk categories
- Private-key, wallet-drainer, malicious-backdoor, phishing-tool, and unsafe-bot warning matrix
- Evidence preservation protocol
- UTC-based update and tracking framework
- Multilingual warning interface
This repository was created as a public warning resource for the Solana and Web3 ecosystem.
The purpose is to warn users about developers, tool sellers, bot vendors, and anonymous Telegram operators who may distribute or promote:
- phishing systems
- wallet drainers
- unsafe wallet automation tools
- private-key capture tools
- malicious backdoor systems
- obfuscated trading bots
- encrypted bot packages
- unsafe HFT bots
- sniper bots
- arbitrage bots
- volume bots
- Raydium volume tools
- Dexscreener trend or volume manipulation tools
- Polymarket trading or win-rate manipulation bots
- Axiom trading bots
- casino or gambling-related phishing bots
- Solana launch, bundler, and copy-trading tools requiring real private keys
This repository is also intended to warn people who may be tempted to access, buy, run, deploy, fork, or resell these tools.
Do not run unknown Solana trading tools, sniper bots, bundlers, volume bots, arbitrage bots, HFT bots, copy-trading bots, wallet trackers, casino bots, or Telegram-distributed wallet tools on a funded machine.
Do not paste valuable secrets into any unknown tool, including:
PRIVATE_KEY- seed phrase
- funded wallet
- RPC key
- gRPC token
GRPC_ENDPOINTGRPC_TOKEN- exchange API key
- KuCoin API key
- GitHub token
- VPS root password
- SSH key
- server environment file
.envfile- Telegram bot
- dashboard
- compiled binary
- encrypted package
- remote server
Any tool requiring these values should be treated as unsafe until independently audited.
Search and monitor public GitHub, Telegram, search engines, blockchain explorers, and archive pages for the following categories:
- Soldrift devbeast5775
- Telegram @devbeast5775
- devbeast5775 Telegram
- t.me/devbeast5775
- Soldrift GitHub
- whistledev411
- @whistle
- @soldrift
- Solana phishing tool warning
- Solana wallet drainer warning
- Solana private key scam
- Solana HFT bot scam
- Solana sniper bot warning
- Solana arbitrage bot warning
- Solana MEV bot warning
- Solana copy trading bot risk
- Solana bundler scam warning
- Pump.fun sniper bot
- PumpSwap trading bot
- Raydium volume bot
- Raydium sniper bot
- Dexscreener volume bot
- Dexscreener trending bot
- Meteora sniper bot
- Orca trading bot
- Jupiter arbitrage bot
- Jito bundler bot
- Yellowstone gRPC sniper bot
- Shredstream Solana bot
- KuCoin API arbitrage bot
- KuCoin Solana HFT bot
- Polymarket bot
- Polymarket win-rate bot
- Axiom trading bot
- casino phishing bot
- wallet drainer bot
- malicious backdoor trading bot
- GitHub developer scam warning
- VPS root access developer scam
Public GitHub activity related to Soldrift and related identifiers should be monitored for repository movement, renaming, deletion, private conversion, lock events, and alias migration.
Important GitHub risk indicators include:
- repositories disappearing after exposure
- repositories returning 404 after being indexed
- README text being copied across accounts
- clone URLs pointing to different usernames
- Telegram handles changing
- profile images changing
- repository names changing
- new accounts selling similar Solana tools
- forked repositories reusing old sales language
- private-key tooling being presented as legitimate trading software
- encrypted or obfuscated bot packages being promoted as commercial tools
A GitHub account with many repositories or many followers does not prove that wallet-related software is safe.
The report includes a submitted Solscan wallet lead:
EfwJn8cXCYhcGrsavxWSDbUFHPrCK9gvdCr6AVywFBPg
Submitted evidence shows a high SOL balance and recent transfer rows involving a KuCoin-linked label at the time of capture.
The complainant alleges that this may be connected to KuCoin API-based high-performance arbitrage, HFT activity, or automated trading profit.
This repository records that claim as an investigative lead only. It does not independently prove wallet ownership, KuCoin API use, HFT operation, criminal intent, or profit source without further lawful blockchain analysis.
Recommended public OSINT steps:
- preserve transaction hashes
- preserve UTC timestamps
- archive Solscan pages
- compare transfer timing
- map exchange-linked deposit and withdrawal patterns
- preserve public wallet labels
- avoid doxxing
- avoid unauthorized access
- avoid publishing private personal information
Activity windows and broken-English writing patterns may be useful OSINT notes, but they do not prove that an operator is Korean, Asian, or any specific nationality.
However, because the reported contact pattern, Telegram sales flow, GitHub activity, and Solana bot offers may overlap Asia-Pacific users and time zones, crypto users in Korea, Japan, China, Southeast Asia, and the broader Asia-Pacific region should treat this identity cluster as high risk.
This warning is for security prevention, not nationality-based accusation or ethnic profiling.
이 저장소는 Soldrift, devbeast5775, Telegram @devbeast5775, 솔라나 스캠, 솔라나 드레인, 피싱툴 배포자, 악성 백도어 봇, 프라이빗키 탈취 위험, HFT 봇 사기, Raydium 볼륨 봇, Dexscreener 조작 봇, KuCoin API 차익거래 봇, 지갑 드레이너, GitHub 개발자 스캠 경고 검색을 위한 공개 보안 경고 색인입니다.
이 보고서는 2026년 5월부터 추적된 사용자 신고 기반 스캠, 드레인, 피싱툴, 악성 백도어 시스템 배포 패턴을 기록하며, Solana 생태계에서 이러한 도구를 구매·실행·배포하려는 사용자에게 경각심을 주기 위한 목적입니다.
If you interacted with any related tool, repository, Telegram contact, bot, dashboard, or VPS deployment, take the following actions immediately:
- Move all real funds to fresh wallets.
- Stop using any private key that was pasted into a tool or
.envfile. - Rotate all RPC keys and gRPC tokens.
- Rotate all exchange API keys.
- Rotate GitHub tokens and server passwords.
- Remove unknown SSH keys.
- Inspect PM2, crontab, systemd services, startup scripts, and hidden background processes.
- Search the codebase for outbound requests, webhooks, base64 blobs, dynamic execution, private-key storage, wallet export logic, and remote logging.
- Preserve evidence with UTC timestamps.
- Report suspicious repositories through official platform channels.
Preserve only lawful public evidence:
- public repository URL
- GitHub username
- repository description
- README text
- repository topics
- commit timestamps
- release files
- package names
- clone URLs
- Telegram handles
- profile screenshots
- demo links
- Solscan links
- transaction hashes
- public wallet addresses
- exchange-linked labels
- public issue or pull request records
- fork relationships
- archive snapshots
- UTC timestamps
Do not publish:
- private keys
- seed phrases
- API keys
- unrelated private messages
- personal addresses
- phone numbers
- unrelated identities
- unsupported personal information
This report refers only to the online identifier Soldrift, the Telegram handle @devbeast5775, related public GitHub traces, user-submitted screenshots, public blockchain leads, and the reported Solana/Web3 development incident.
It does not refer to unrelated companies, unrelated brands, unrelated businesses, or unrelated individuals using the same or similar names.
All statements should remain evidence-centered, correction-friendly, and limited to public safety documentation, user protection, and lawful OSINT preservation.
If any information in this report is inaccurate, outdated, incomplete, or misattributed, open an issue or submit a correction request with verifiable public evidence.
Accepted correction evidence may include:
- public GitHub links
- public Telegram profile evidence
- public blockchain explorer links
- UTC timestamped screenshots
- archive links
- repository ownership clarification
- transaction clarification
- official platform notices
- First tracking period: May 2026
- Report type: public safety warning
- Evidence type: user-submitted screenshots, public GitHub traces, public blockchain leads
- Time standard: UTC
- Primary handle: Telegram @devbeast5775
- Ecosystem: Solana / Web3 / GitHub / Telegram
- Risk categories: scam, drain, phishing-tool distribution, malicious backdoor risk, private-key exposure, HFT bot risk, sniper bot risk, arbitrage bot risk, wallet automation risk
- GitHub profile: Soldrift
- GitHub profile: whistledev411
- Repository trace: pumpfun-copy-trading-bot
- Solscan account lead:
EfwJn8cXCYhcGrsavxWSDbUFHPrCK9gvdCr6AVywFBPg
This repository is released for public safety, security awareness, lawful OSINT preservation, and Solana ecosystem risk documentation.
Do not use this repository to harass, dox, threaten, impersonate, hack, bypass access controls, or publish private personal information.
The purpose is to warn users about high-risk wallet tools, phishing systems, drain patterns, malicious backdoor risks, and unsafe bot distribution patterns.