COINPURO - Crypto Currency Latest News logo COINPURO - Crypto Currency Latest News logo
BitcoinSistemi 2025-07-03 16:43:08

Warning: New Virus Detected That Drains Cryptocurrency Wallets – Here’s the Culprit Software and What to Do About It

Cybersecurity firm SlowMist has revealed that an open-source project called “solana-pumpfun-bot”, which was published on GitHub and attracted attention in the community, contained a fraud scheme targeting user wallets. According to the company, cryptocurrencies in the wallets of users running the project were stolen and some of the funds were transferred to a platform called FixedFloat. The incident came to light when a victimized user contacted the SlowMist team on July 2, 2025. According to the user’s statement, the cryptocurrencies in his wallet were stolen after he started using the “zldp2002/solana-pumpfun-bot” project on GitHub the day before. SlowMist’s post-incident analysis found that the project was based on Node.js and relied on a suspicious third-party package called “crypto-layout-utils.” This package is not listed in NPM’s official records and has been removed from the platform. Investigations revealed that malicious developers had manipulated the link in the package-lock.json file to direct users to install malicious software. Related News: Whale Purchase That Started the Great Rally in Ethereum in May Has Started! "$754 Million ETH Purchase Has Arrived!" Will the Same Rise Happen? SlowMist experts explained that the downloaded “crypto-layout-utils-1.3.1” package contained complex and obfuscated codes, and after analysis, these codes scanned the files containing wallets and private keys on the user’s computer and sent this data to a server belonging to the attacker named “githubshadow.xyz”. In addition, the analysis reported that the GitHub user (zldp2002), who is alleged to be the developer of the project in question, controls a large number of fake accounts and aims to reach more users by forking the project through these accounts. In some forks, a different malicious NPM package, “bs58-encrypt-utils-1.0.3”, was used. Following the incident, SlowMist tracked the attackers using an on-chain analysis tool called MistTrack, and found that the attackers had transferred some of the stolen cryptocurrencies to the FixedFloat platform. The malware attack is thought to have been active since June 12, 2025. SlowMist said that users should be extremely careful about software downloaded from open source platforms such as GitHub, especially in projects that involve private keys or wallet operations. In cases of necessity, it was recommended that such projects be run on an isolated machine that does not contain sensitive data. *This is not investment advice. Continue Reading: Warning: New Virus Detected That Drains Cryptocurrency Wallets – Here’s the Culprit Software and What to Do About It

阅读免责声明 : 此处提供的所有内容我们的网站,超链接网站,相关应用程序,论坛,博客,社交媒体帐户和其他平台(“网站”)仅供您提供一般信息,从第三方采购。 我们不对与我们的内容有任何形式的保证,包括但不限于准确性和更新性。 我们提供的内容中没有任何内容构成财务建议,法律建议或任何其他形式的建议,以满足您对任何目的的特定依赖。 任何使用或依赖我们的内容完全由您自行承担风险和自由裁量权。 在依赖它们之前,您应该进行自己的研究,审查,分析和验证我们的内容。 交易是一项高风险的活动,可能导致重大损失,因此请在做出任何决定之前咨询您的财务顾问。 我们网站上的任何内容均不构成招揽或要约