🔐 Warning: New Virus Detected That Drains Cryptocurrency Wallets – Here’s the Culprit Software and What to Do About It
Cybersecurity firm SlowMist has uncovered a malicious open-source project on GitHub named solana-pumpfun-bot, which silently compromised user wallets.
A user reported the issue on July 2, 2025, after losing funds by running the project. The Node.js code relied on a fake npm package (crypto-layout-utils), which secretly scanned for private keys and sent them to a server (githubshadow.xyz).
📦 Some forks used another harmful package: bs58-encrypt-utils.
💸 Stolen assets were later traced to FixedFloat via blockchain tracking tools.
🕵️ The attack had been live since June 12, 2025.
🧠 Key Takeaway: Always audit dependencies and avoid running wallet-related code from unknown or unverified sources. If necessary, use a clean, isolated environment.
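One way to act on that takeaway, as an added example (not code from SlowMist or the affected project): a Node.js function that checks a parsed package-lock.json for the two package names and the host named in this post. The registry URL, the non-registry heuristic and the sample lockfile are assumptions constructed for illustration.

```javascript
// Indicators named in the post; everything else here is an added illustration.
const BAD_PACKAGES = new Set(["crypto-layout-utils", "bs58-encrypt-utils"]);
const BAD_HOST = "githubshadow.xyz";
const REGISTRY = "https://registry.npmjs.org/"; // assumption: default public registry

function check(name, where, resolved, findings) {
  if (BAD_PACKAGES.has(name)) findings.push({ name, where, reason: "package named in report" });
  if (!resolved) return;
  if (resolved.includes(BAD_HOST)) findings.push({ name, where, reason: "resolved from reported host" });
  else if (!resolved.startsWith(REGISTRY)) findings.push({ name, where, reason: "non-registry source" });
}

// lockfileVersion 1 nests transitive dependencies recursively.
function walkV1(deps, trail, findings) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const where = trail + "/" + name;
    check(name, where, meta.resolved, findings);
    walkV1(meta.dependencies, where, findings);
  }
}

function auditLockfile(lock) {
  const findings = [];
  if (lock.packages) {
    // lockfileVersion 2 and 3 keep a flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || meta.link) continue; // skip root project and workspace links
      const i = path.lastIndexOf("node_modules/");
      const name = meta.name || (i >= 0 ? path.slice(i + 13) : path);
      check(name, path, meta.resolved, findings);
    }
  } else {
    walkV1(lock.dependencies, "", findings);
  }
  return findings;
}

// Constructed sample lockfile (not taken from the real repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-bot" },
    "node_modules/bs58": { resolved: REGISTRY + "bs58/-/bs58-5.0.0.tgz" },
    "node_modules/crypto-layout-utils": { resolved: "https://example.invalid/crypto-layout-utils-1.0.0.tgz" },
    "node_modules/bs58/node_modules/bs58-encrypt-utils": { resolved: REGISTRY + "bs58-encrypt-utils/-/x.tgz" },
  },
};
console.log(auditLockfile(sampleLock));
```

To audit a real project, pass `auditLockfile` the result of `JSON.parse` on its `package-lock.json` before running `npm install`; an empty result only means none of these specific indicators matched.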
⚠️ In crypto, convenience can be costly. Trust, but always verify.
Not investment advice.