
Warning: New Virus Drains Crypto Wallets via GitHub
1. A New Virus Is Draining Crypto Wallets
At the end of June 2025, cybersecurity group SlowMist discovered a dangerous new malware spreading via GitHub, disguised within fake libraries. This virus, named crypto-layout-utils, has already led to the theft of digital assets from many users' crypto wallets.
According to SlowMist, the malware is embedded in open-source projects under the guise of UI functionality but secretly contains tools to scan wallet data and private keys, which are then sent to the hacker’s server.
2. How Does the Crypto Virus Attack?
Attack method:
• Masquerading as a UI library: The fake package crypto-layout-utils pretends to be a Web3 layout tool.
• Installed via npm install: When users download the package from GitHub or npm, the malicious code is triggered.
• Scans the entire file system: It looks for crypto wallets such as MetaMask, Coinbase, TrustWallet, etc.
• Sends private key information to the hacker’s server.
The virus initially avoids detection because the code is minified and cleverly disguised.
3. Targeted Crypto Wallets
According to Kaspersky and SlowMist, the following wallets are most frequently targeted: MetaMask, Trust Wallet, Coinbase Wallet, OKX Wallet, Rainbow, Phantom.
In many cases, users are unaware that their assets have been accessed or stolen.
4. Who’s Most at Risk?
• Web3 developers who install packages from GitHub/npm without checking them
• New dApp developers testing wallets
• Users downloading "free" Web3 UI tools
Attackers exploit the carelessness of developers and newcomers in the crypto space.
5. How to Prevent Crypto Viruses
• NEVER share your private key or recovery phrase
• DO NOT install unknown or suspicious packages
• Inspect any minified or suspicious code
• Use a separate wallet for testing contracts
• Keep security tools updated (e.g., Slither, Hardhat, Mythril...)
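One way to act on the two package-related points above, as an added example that is not from SlowMist or the original article: a JavaScript check over a parsed package-lock.json (lockfileVersion 2 or 3) that lists dependencies worth manual review before running npm install. The sample lockfile with its URLs, versions and hashes is constructed, and the registry prefix is an assumption to adjust for private mirrors.

```javascript
// Added example: flag lockfile entries that deserve review before `npm install`.
// Assumption: public npm registry; change the prefix if you use a private mirror.
const REGISTRY_PREFIX = "https://registry.npmjs.org/";
// Package name reported in this article; extend with names from your own advisories.
const DENYLIST = new Set(["crypto-layout-utils"]);

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // skip root project and workspace links
    // Lockfile keys look like "node_modules/a/node_modules/@scope/b".
    const name = meta.name || path.split("node_modules/").pop();
    const reasons = [];
    if (DENYLIST.has(name)) reasons.push("denylisted-name");
    if (meta.resolved && !meta.resolved.startsWith(REGISTRY_PREFIX)) {
      reasons.push("non-registry-source"); // git URL or tarball, e.g. from GitHub
    }
    if (meta.hasInstallScript) reasons.push("install-script"); // runs code at install time
    if (!meta.integrity && !meta.inBundle) reasons.push("no-integrity-hash"); // not pinned
    if (reasons.length > 0) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile (URLs, versions and hashes are made up for the demo).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/react": {
      version: "18.2.0",
      resolved: "https://registry.npmjs.org/react/-/react-18.2.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/esbuild": {
      version: "0.19.0",
      resolved: "https://registry.npmjs.org/esbuild/-/esbuild-0.19.0.tgz",
      integrity: "sha512-CONSTRUCTED",
      hasInstallScript: true,
    },
    "node_modules/crypto-layout-utils": {
      version: "0.0.0",
      resolved: "git+https://github.com/example-org/example-repo.git#0000000",
      hasInstallScript: true,
    },
  },
};
// Real use: pass JSON.parse(<contents of package-lock.json>) instead of sampleLock.
for (const f of auditLockfile(sampleLock)) console.log(f.name, f.reasons.join(","));
```

An install-script finding alone is common for legitimate packages with native builds, so treat it as a prompt to read the script rather than as a verdict. Flagged packages can be fetched for inspection without running their lifecycle scripts by using `npm install --ignore-scripts`.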
6. Conclusion
Crypto-targeting malware is more dangerous than ever because it exploits trust within the open-source community. Installing a “free” package can unknowingly hand over your private key to a hacker.