1949
Happened to me multiple times
(lemmy.zip)
Post funny things about programming here! (Or just rant about your favourite programming language.)
You're spot on with the latter, I've come across a few projects over the years where the ownership is transferred and it's then loaded up with malware or even just instantly abandoned again because the new owner just wants it on their GitHub to get a job or something.
See: The Great Suspender
The original developer sold the repo to a new, anonymous maintainer. The new maintainer abandoned the repo but continued updating the Chrome Web Store version of the addon. That version eventually got delisted by Google for including malware.