Urgent Warning: A New Virus is Silently Draining Funds from Crypto Wallets

The cybersecurity company SlowMist has just issued an urgent warning about a new virus targeting cryptocurrency users, disguised as an attractive trading tool. This malware hides within an open-source project named "solana-pumpfun-bot" posted on the GitHub platform.

Instead of helping users trade, its true purpose is to silently steal all the assets in their wallets. The incident was exposed when a victim contacted SlowMist on July 2, 2025, reporting that their wallet had been completely drained after using this bot. The investigation shows that this attack campaign may have been active since June 12, 2025. Sophisticated Attack Mechanism The attack method of this virus is extremely sophisticated. It exploits a third-party malware package called "crypto-layout-utils" that is secretly installed on the user's computer. This malware will then scan the victim's computer for files containing wallets and private keys, and then send all this data back to the attacker's server. To increase credibility and deceive more people, the person behind ( GitHub account zldp2002) also operates a large network of fake accounts to continuously copy ( fork ) projects, making it look popular and trustworthy. Safety Advice and Attack Traces In light of this serious threat, SlowMist advises users to exercise extreme caution with software downloaded from open-source platforms like GitHub, especially those projects that require access to private keys. The safest solution is to run them on a virtual machine or a separate device that does not contain any sensitive data. During the investigation, SlowMist traced the flow of funds and discovered that a portion of the stolen assets had been transferred to the FixedFloat platform. The incident is a stark reminder of the potential risks when using unverified tools in the crypto space.