
TrapDoor Malware Infiltrates Crypto Dev Tools in Supply Chain Attack

Socket discovers "TrapDoor" supply chain attack targeting crypto/AI developers via malicious npm, PyPI, Crates packages. Over 34 packages and 384 versions aim to steal wallet data, SSH keys, and credentials, while also hijacking AI coding assistants like Claude and Cursor.

Cointelegraph, by Martin Young

Quick Take

  1. 34+ malicious packages spread across npm, PyPI, and Crates ecosystems.
  2. Malware targets crypto wallets: MetaMask, Coinbase, Binance, Solana, Sui, Aptos.
  3. Attackers inject prompts to hijack AI assistants Claude and Cursor.
  4. GitHub used for distribution; campaign shows signs of AI-assisted iteration.

Market Impact Analysis

Rating: Neutral

Supply chain attacks raise security concerns but rarely affect broad crypto prices directly.

Timeframe: short

Speculation Analysis

Factuality: 80/100
Rumors: Verified
Speculation Trigger: 45/100 (scale: Minimal to Extreme FOMO)

Key Takeaways

  • More than 34 malicious packages across npm, PyPI, and Crates ecosystems are spreading malware to steal developer credentials and wallet data.
  • Attackers are targeting popular crypto wallets including MetaMask, Coinbase, Binance, Solana, Sui, and Aptos to drain funds and compromise keys.
  • The malware injects hidden prompts to hijack AI coding assistants like Claude and Cursor, exfiltrating sensitive data under the guise of security scans.
  • GitHub repositories serve as distribution points, and rapid iteration patterns suggest attackers are using AI to accelerate the campaign.

Malicious Packages: 34+ (across npm, PyPI, Crates)
Versions Deployed: 384 (rapid updates to evade detection)
GitHub Compromise: May 20 (employee device breach)
Targeted Wallets: 6+ (including MetaMask, Coinbase, Solana)

What Happened

Developer security platform Socket uncovered an active supply chain attack dubbed TrapDoor targeting crypto and AI developers. The campaign deployed more than 34 malicious packages across npm, PyPI, and Crates registries, with attackers rapidly pushing 384 related versions to avoid detection. These packages steal wallet data, SSH keys, cloud credentials, GitHub tokens, and browser extension data from unsuspecting developers.

The malware specifically targets popular crypto wallets like MetaMask, Coinbase, Binance, Solana, Sui, and Aptos. It also injects hidden instructions into AI coding assistants Claude and Cursor, tricking them into running fake security scans that exfiltrate sensitive files. GitHub repositories were used for distribution, and the attack shows signs of AI-assisted iteration, mirroring the May 20 GitHub compromise where an employee device was breached.

The Numbers

Socket identified 34+ unique malicious packages, but the campaign's agility is underlined by 384 version releases—attackers are updating their tools constantly to evade detection. The packages span three major ecosystems: npm for JavaScript/Node.js, PyPI for Python, and Crates for Rust. Six prominent crypto wallets are confirmed targets, along with the Brave browser. The GitHub compromise on May 20 underscores the supply chain's vulnerability, as attackers leveraged legitimate infrastructure to spread poisoned code.

Why It Happened

Developers routinely install packages from registries without thorough scrutiny, and attackers exploit this trust by crafting names that mimic legitimate tools—project setup helpers, Solidity utilities, Sui build helpers. Crypto and AI developers are high-value targets due to their access to wallets, keys, and cloud credentials. The rise of AI coding assistants introduces a novel attack surface: by injecting prompts, malware can manipulate assistants into executing data exfiltration under the guise of routine operations. The campaign's rapid iteration, likely AI-driven, enables attackers to stay ahead of defensive measures.
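The name-mimicry described above is something a team can screen for before a package is ever installed. The script below is an added example for this article, not Socket's tooling or code from any project mentioned here: it reads a package.json-style manifest and flags dependency names that are not on a reviewed allowlist but sit close to one, either by character similarity or by extending a known name with a suffix such as "-helper". The allowlist, the sample manifest and the 0.8 threshold are constructed placeholder values, not package names from the campaign.

```python
"""Audit a package.json-style manifest for lookalike dependency names.

Added example for this article; not Socket's tooling or any project's code.
The allowlist, manifest and threshold below are constructed sample values.
"""
import json
from difflib import SequenceMatcher

# Constructed allowlist of package names the team has already reviewed (placeholders).
ALLOWLIST = {"express", "lodash", "hardhat", "ethers", "web3", "solc"}

# Constructed manifest: two lookalike entries mixed in with approved ones.
SAMPLE_MANIFEST = json.dumps({
    "dependencies": {"express": "^4.18.0", "ethrs": "1.0.3", "hardhat-toolz": "0.0.2"},
    "devDependencies": {"lodash": "^4.17.21", "leftpadz": "0.1.0"},
})


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] of matching characters between two names (difflib)."""
    return SequenceMatcher(None, a, b).ratio()


def classify(name: str, allowlist=ALLOWLIST, threshold: float = 0.8) -> dict:
    """Return a verdict for one dependency name.

    approved           - exact allowlist hit
    suspect-lookalike  - not on the allowlist but near an allowlisted name,
                         by character similarity or by prefixing a known
                         name with a separator (e.g. "<known>-helper")
    unreviewed         - neither; needs a human look before install
    """
    lowered = name.lower()
    if lowered in allowlist:
        return {"verdict": "approved", "nearest": lowered, "reason": "exact match"}
    nearest = max(allowlist, key=lambda k: similarity(lowered, k))
    score = similarity(lowered, nearest)
    if score >= threshold:
        return {"verdict": "suspect-lookalike", "nearest": nearest,
                "reason": f"similarity {score:.2f} >= {threshold}"}
    # Longest known names first so "web3-utils" pairs with "web3", not a shorter hit.
    for known in sorted(allowlist, key=len, reverse=True):
        if lowered.startswith(known + "-") or lowered.startswith(known + "_"):
            return {"verdict": "suspect-lookalike", "nearest": known,
                    "reason": "extends a known name with a suffix"}
    return {"verdict": "unreviewed", "nearest": nearest,
            "reason": f"similarity {score:.2f} < {threshold}"}


def audit_manifest(manifest_text: str) -> dict:
    """Classify every dependency and devDependency in a package.json string."""
    data = json.loads(manifest_text)
    names = {}
    for section in ("dependencies", "devDependencies"):
        names.update(data.get(section, {}))
    return {name: classify(name) for name in names}


if __name__ == "__main__":
    for name, result in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{result['verdict']:18} {name:15} "
              f"(nearest: {result['nearest']}; {result['reason']})")
```

On the constructed manifest, "ethrs" is flagged as a near-miss of "ethers", "hardhat-toolz" is flagged because it extends "hardhat", and "leftpadz" lands in the "unreviewed" bucket, which is the honest answer for a name nobody on the team has vetted yet. A check like this is a gate for human review, not a verdict on maliciousness; the same heuristic applies to requirements.txt or Cargo.toml once the parsing step is swapped out.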

Broader Impact

This attack highlights a systemic risk in open-source development: a single compromised package can infiltrate countless downstream projects. The AI assistant hijack method could become a blueprint for future attacks. While direct market impact remains muted, the breach of trust may push package registries to implement stricter vetting. For crypto developers, the incident is a stark reminder that tooling security is as critical as smart contract audits.

What to Watch Next

  • Monitor npm, PyPI, and Crates for new malicious packages, especially those posing as dev tooling or AI helpers.
  • Watch for updates from GitHub and registry maintainers on takedowns or security advisories.
  • Be alert for reports of actual wallet drains or credential leaks tied to TrapDoor.

Source: Cointelegraph

This article is for informational purposes only and does not constitute financial advice.
