- Topic1/3
57k Popularity
41k Popularity
54k Popularity
9k Popularity
22k Popularity
- Pin
- 🎉 The #CandyDrop Futures Challenge is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win.
- 🎉 Gate Square Growth Points Summer Lucky Draw Round 1️⃣ 2️⃣ Is Live!
🎁 Prize pool over $10,000! Win Huawei Mate Tri-fold Phone, F1 Red Bull Racing Car Model, exclusive Gate merch, popular tokens & more!
Try your luck now 👉 https://www.gate.com/activities/pointprize?now_period=12
How to earn Growth Points fast?
1️⃣ Go to [Square], tap the icon next to your avatar to enter [Community Center]
2️⃣ Complete daily tasks like posting, commenting, liking, and chatting to earn points
100% chance to win — prizes guaranteed! Come and draw now!
Event ends: August 9, 16:00 UTC
More details: https://www
Attention: New Virus Detected that Empties Cryptocurrency Wallets! Here is the Guilty Program and What Needs to Be Done
The cybersecurity firm SlowMist revealed that the open-source project named "solana-pumpfun-bot" published on GitHub contains a fraud scheme targeting user wallets within the community. According to the information provided by the company, the cryptocurrencies in the wallets of users running the project were stolen, and some of the funds were transferred to a platform called FixedFloat.
The incident emerged on July 2, 2025, when a victim user reported to the SlowMist team. According to the user's statement, after starting to use the "zldp2002/solana-pumpfun-bot" project on GitHub a day earlier, the cryptocurrencies in their wallet were stolen.
In the analysis conducted by SlowMist after the incident, it was determined that the project is based on Node.js and operates with a suspicious third-party package named "crypto-layout-utils." This package is not listed in the official NPM registry and has been removed from the platform. Investigations revealed that malicious developers altered the link in the package-lock.json file, directing users to download harmful software.
SlowMist experts announced that the downloaded "crypto-layout-utils-1.3.1" package contains complex and hidden codes, and after analysis, these codes scanned the files containing wallet and private key on the user's computer and sent this data to a server belonging to the attacker named "githubshadow.xyz".
It was also reported in the analyses that the GitHub user, who is claimed to be the developer of the project in question, managed a large number of fake accounts with (zldp2002) and aimed to reach more users by forking the project through these accounts. In some forks, a different malicious NPM package called "bs58-encrypt-utils-1.0.3" was used.
After the incident, SlowMist detected through its on-chain analysis tool MistTrack that the attackers transferred some of the stolen cryptocurrencies to the FixedFloat platform. It is believed that the malware attack has been active since June 12, 2025.
SlowMist emphasized that users must be extremely cautious against software downloaded from open-source code platforms like GitHub, particularly in projects involving private keys or wallet transactions. In mandatory situations, it is recommended that such projects be run on an isolated machine that does not contain sensitive data.