A newly identified supply-chain campaign dubbed TrapDoor has planted more than 34 malicious packages across npm, PyPI and Crates.io, specifically targeting crypto, DeFi, AI and security developers who are likely to have wallet keys, cloud credentials and production access on their machines. Researchers at Socket identified the attack this week and classified all campaign packages as malicious.
The packages were disguised as mundane developer utilities — names like "wallet-security-checker," "defi-risk-scanner," "solidity-build-guard" and "move-compiler-tools" — designed to blend in as the kind of small helpers a developer installs without much thought. Once installed, payloads searched for private keys, SSH keys, GitHub tokens, AWS credentials, browser data and wallet files, with some stolen credentials actively tested and SSH keys used to pivot into wider infrastructure.
CoinDesk
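A defender can check project manifests for the package names quoted above. The following is an added example, not code from Socket or the article: it parses a package-lock.json, a requirements.txt and a Cargo.lock and reports any dependency matching one of the four named packages. The name-folding rule, the function names and the sample manifests are assumptions made for illustration.

```python
import json
import re

# The four package names quoted in the article. It does not say which
# registry hosts which name, so each is checked in every ecosystem.
TRAPDOOR_NAMES = {"wallet-security-checker", "defi-risk-scanner",
                  "solidity-build-guard", "move-compiler-tools"}

def norm(name):
    """Lowercase and fold runs of '-', '_', '.' to '-' (assumed matching rule)."""
    return re.sub(r"[-_.]+", "-", name.strip().lower())

def npm_names(lock_text):
    """Package names from the 'packages' map of a package-lock.json v2/v3."""
    for path in json.loads(lock_text).get("packages", {}):
        if "node_modules/" in path:
            yield path.rsplit("node_modules/", 1)[1]

def pip_names(req_text):
    """Requirement names from requirements.txt, skipping comments and options."""
    for line in req_text.splitlines():
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line.split("#", 1)[0].strip())
        if m:
            yield m.group(0)

def cargo_names(lock_text):
    """Crate names from the [[package]] entries of a Cargo.lock."""
    return re.findall(r'^name\s*=\s*"([^"]+)"', lock_text, re.M)

def find_hits(npm_lock="{}", requirements="", cargo_lock=""):
    """Return sorted (ecosystem, name) pairs whose name matches the campaign list."""
    found = {"npm": npm_names(npm_lock), "pypi": pip_names(requirements),
             "crates": cargo_names(cargo_lock)}
    return sorted({(eco, n) for eco, names in found.items()
                   for n in names if norm(n) in TRAPDOOR_NAMES})

# Constructed sample manifests (versions and benign names are made up).
SAMPLE_NPM = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app"}, "node_modules/left-pad": {"version": "1.3.0"},
    "node_modules/x/node_modules/defi-risk-scanner": {"version": "0.0.1"}}})
SAMPLE_REQ = "requests==2.32.0\nWallet_Security_Checker==1.0  # pinned\n-r dev.txt\n"
SAMPLE_CARGO = ('[[package]]\nname = "serde"\nversion = "1.0.0"\n\n'
                '[[package]]\nname = "move_compiler_tools"\nversion = "0.1.0"\n')

if __name__ == "__main__":
    for eco, name in find_hits(SAMPLE_NPM, SAMPLE_REQ, SAMPLE_CARGO):
        print(f"{eco}: {name} matches a TrapDoor package name")
```

The article names only four of the more than 34 packages, so an empty result does not clear a project; a hit means the machine's keys, tokens and cloud credentials should be treated as exposed.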