
Socket uncovers 34-package Trapdoor campaign stealing crypto wallet keys from developers. Over 384 versions published since May 22 across three registries.
Researchers at Socket have identified a supply chain attack targeting crypto developers across three major package registries. The campaign, dubbed Trapdoor, spans 34 packages on npm, PyPI, and Crates.io, encompassing over 384 versions. Some of those versions remain available for download.
The attack is designed to steal crypto wallet keys, SSH keys, cloud credentials, and GitHub tokens from developers working in blockchain and cryptocurrency projects. By focusing on developers rather than end users, the attackers aim for victims with a higher probability of holding large amounts of digital assets and having access to broader infrastructure.
Socket reported that the malicious packages were published in waves starting on May 22 and were updated throughout the following weekend. The packages appeared in quick succession across the three registries and were disguised as generic developer tools. That pattern gave the campaign “broad reach across adjacent developer communities where crypto wallets, cloud credentials, GitHub tokens, and SSH keys are likely to be present,” Socket assessed.
The packages enter a developer’s environment by masquerading as legitimate open-source tools. Once installed, they exfiltrate secrets including crypto wallet private keys, Secure Shell (SSH) keys, and API tokens for cloud services. Socket noted that the packages stood out because they purported to be generic tools and appeared in rapid succession – a hallmark of coordinated supply chain malware.
The attack covers the three largest package repositories for the JavaScript, Python, and Rust ecosystems: npm, PyPI, and Crates.io.
Developers in blockchain projects frequently use all three, making the cross-registry coverage particularly dangerous. A compromised dependency in any one language could propagate to projects that bridge multiple stacks.
Trapdoor targets individuals who build and maintain crypto infrastructure. The stolen data allows attackers to drain wallets, infiltrate development servers, and pivot to cloud environments.
Socket’s analysis shows that the malware attempts to grab these credentials from environment variables, configuration files, and local storage paths common in developer setups.
Supply chain attacks are efficient. A single compromised developer at a crypto exchange, a DeFi protocol, or a wallet provider can expose downstream users and systems. The September 2024 attack cited by Socket – where packages used by crypto wallets were modified to steal funds – demonstrates the pattern. In that incident, wallets containing bitcoin, ether, and solana were drained. Trapdoor follows the same logic but widens the net across three registries.
Trapdoor includes an experimental component aimed at AI-assisted development environments. The malware uses directive files designed to trick AI coding tools into running a security scan that exfiltrates sensitive data.
Socket stated that while this technique could not work consistently across all AI tools and models, its presence shows that attackers “are actively experimenting with AI development environments as part of supply chain malware campaigns.” The directive files instruct the AI tool to perform a scan on the developer’s project and send the results to an external server. Even if the technique succeeds in only a fraction of cases, the low cost of distribution makes it worthwhile.
The inclusion of AI-directive attacks suggests future campaigns will target Cursor, Copilot, Codeium, and similar coding assistants. Any tool that can execute or parse commands from a dependency or workspace file becomes a potential vector.
Supply chain attacks against crypto developers have accelerated. The Google Threat Intelligence Group previously warned about a North Korean malware campaign that uses EtherHiding – a technique that hides malicious code in smart contract transactions. In September 2024, several packages used by crypto wallets were compromised, leading to theft of BTC, ETH, and SOL from users.
Trapdoor represents an expansion in both scope and sophistication. Earlier campaigns targeted one registry at a time. Trapdoor hits three simultaneously, and its attempt to weaponize AI tools marks a new frontier.
The Trapdoor campaign is live and active. Developers should audit their dependency trees for any of the flagged packages and monitor for suspicious outbound network requests. For investors and risk managers, the event reinforces that crypto infrastructure remains vulnerable at the tooling layer. A single compromised dependency can lead to wallet drains, exchange breaches, and protocol exploits. Security teams should treat the May 22 publication date as T=0 and assume that some installations have already occurred.
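One way to act on the dependency-audit recommendation above, as an added example that is not part of the article or of Socket’s tooling: a script that checks a project’s npm, PyPI and Cargo lockfiles against a blocklist spanning the three registries. The flagged package names are placeholders, since the article does not list them, and the lockfiles are constructed samples.

```python
"""Added example (not Socket's or the article's code): check lockfiles from the
three registries Trapdoor used (npm, PyPI, Crates.io) against a blocklist of
flagged package names. Names in FLAGGED are placeholders, not the real ones."""
import json
import re
# Placeholder blocklist of (registry, package). Substitute the names Socket published.
FLAGGED = {
    ("npm", "example-flagged-npm-pkg"),
    ("pypi", "example-flagged-pypi-pkg"),
    ("crates", "example-flagged-crate"),
}

def npm_packages(lock_text):
    """Package names from package-lock.json v2/v3; keys look like node_modules/<name>."""
    names = set()
    for key in json.loads(lock_text).get("packages", {}):
        if key:  # the empty key is the root project itself
            names.add(key.rsplit("node_modules/", 1)[-1])  # keeps nested and @scoped names
    return names

def pypi_packages(req_text):
    """Package names from a requirements.txt, normalized as PyPI does (lowercase, '-')."""
    names = set()
    for line in req_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line.split("#", 1)[0])
        if m:
            names.add(re.sub(r"[-_.]+", "-", m.group(1)).lower())
    return names

def cargo_packages(lock_text):
    """Package names from Cargo.lock [[package]] tables."""
    return set(re.findall(r'^\[\[package\]\]\s*name = "([^"]+)"', lock_text, re.M))

def audit(npm_lock, requirements, cargo_lock):
    """Return sorted (registry, name) pairs from FLAGGED present in the given lockfiles."""
    present = {"npm": npm_packages(npm_lock),
               "pypi": pypi_packages(requirements),
               "crates": cargo_packages(cargo_lock)}
    return sorted(hit for hit in FLAGGED if hit[1] in present[hit[0]])

# Constructed sample lockfiles, one per registry
NPM_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app"}, "node_modules/left-pad": {"version": "1.3.0"},
    "node_modules/example-flagged-npm-pkg": {"version": "0.0.3"}}})
REQUIREMENTS = "requests==2.31.0\nExample_Flagged_PyPI_Pkg>=0.1  # constructed\n-e .\n"
CARGO_LOCK = '[[package]]\nname = "serde"\nversion = "1.0.0"\n\n[[package]]\nname = "example-flagged-crate"\nversion = "0.2.0"\n'

if __name__ == "__main__":
    print(audit(NPM_LOCK, REQUIREMENTS, CARGO_LOCK))
```

Run it against the real lockfiles in each repository and pair the result with egress monitoring, since a hit only tells you the package was installed, not whether its payload already ran.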
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.