A threat actor using the alias cappership executed a supply chain attack on PyPI by embedding a key-stealing payload within the semantic-types package and related dependencies, affecting thousands of Solana developers. The malware exfiltrates private keys via encrypted transactions on Solana Devnet, making detection difficult due to its stealthy runtime monkey patching and use of legitimate blockchain channels. #semantic-types #cappership #SolanaDevnet
Keypoints
- The threat actor cappership published six malicious PyPI packages, notably semantic-types, which contains the key-stealing payload targeting Solana private keys.
- Five other packages depend on semantic-types, enabling transitive installation and automatic execution of the malicious code during normal package use.
- The malware applies monkey patching to the solders.keypair.Keypair constructors, capturing private keys at generation without modifying source code files.
- Exfiltration of stolen keys is performed using encrypted spl.memo transactions sent to the Solana Devnet blockchain, so the outbound traffic looks like ordinary Solana RPC activity rather than a connection to attacker-controlled infrastructure, bypassing typical network defenses.
- The attacker created credible documentation and linked to legitimate resources like GitHub and Stack Overflow to disguise the campaign and build trust.
- Packages have been downloaded over 25,900 times, exposing many developer environments and CI pipelines to compromise.
- Developers who installed or updated the packages since January 26, 2025, should consider their Solana private keys compromised and take remediation steps.
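One defensive check that the runtime monkey patching described above suggests, as an added example (not code from the Socket write-up or from solders): audit a class for methods whose Python code lives outside the package's own install directory, reading the code object rather than `__module__`, which `functools.wraps` copies from the original. The `solders.keypair` stub, its install path and the patching dependency below are constructed stand-ins, not the real library or the real malicious package.

```python
import os
import types

TRUSTED_DIR = "/site-packages/solders"  # assumed install directory of the audited package

def audit_class(cls, trusted_dir):
    """Return {attr: (defining_file, wraps_other)} for attributes of cls whose Python code lives
    outside trusted_dir or wraps another callable. Native (extension) methods have no __code__ and
    are skipped; co_filename is checked because functools.wraps copies __module__ and __qualname__
    from the original but cannot change the code object."""
    trusted = os.path.abspath(trusted_dir) + os.sep
    findings = {}
    for name, attr in vars(cls).items():
        func = getattr(attr, "__func__", attr)  # look through staticmethod/classmethod
        code = getattr(func, "__code__", None)
        if code is None:
            continue
        origin = os.path.abspath(code.co_filename)
        wraps_other = hasattr(func, "__wrapped__")
        if not origin.startswith(trusted) or wraps_other:
            findings[name] = (origin, wraps_other)
    return findings

def _load(module_name, filename, source):  # constructed stand-in for importing a module from a path
    mod = types.ModuleType(module_name)
    exec(compile(source, filename, "exec"), mod.__dict__)
    return mod

# Constructed stand-in for the key-generation class; this is not solders' code.
stub = _load("solders.keypair", TRUSTED_DIR + "/keypair.py", """
class Keypair:
    def __init__(self, secret): self.secret = secret
    @staticmethod
    def from_seed(seed): return Keypair(seed)
""")

# Constructed stand-in for a dependency that swaps a constructor at import time. It only
# passes calls through; the point is what the audit sees afterwards.
patcher = _load("some_dependency", "/site-packages/some_dependency/__init__.py", """
import functools
def install(Keypair):
    original = Keypair.from_seed
    @functools.wraps(original)
    def from_seed(seed): return original(seed)
    Keypair.from_seed = staticmethod(from_seed)
""")

def demo():
    before = audit_class(stub.Keypair, TRUSTED_DIR)  # clean: nothing reported
    patcher.install(stub.Keypair)
    return before, audit_class(stub.Keypair, TRUSTED_DIR)  # from_seed now reported
```

Run `audit_class(solders.keypair.Keypair, <solders install dir>)` after importing the project's dependencies; any attribute reported is Python code that replaced the library's own implementation.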
MITRE Techniques
- [T1195.002] Supply Chain Compromise – Compromised the software supply chain by embedding a malicious payload in PyPI packages. (‘…a supply chain attack on the Python Package Index (PyPI)…’)
- [T1036.005] Masquerading – Used legitimate package names and credible documentation to blend into developer workflows. (‘…crafted polished README files and linked the malicious packages to legitimate Stack Overflow posts and GitHub repositories to lend credibility…’)
- [T1573.002] Encrypted Channel: Asymmetric Cryptography – Exfiltrated keys encrypted with a hardcoded RSA-2048 public key. (‘…encrypts the key using a hardcoded RSA-2048 public key…’)
- [T1059.006] Command and Scripting Interpreter: Python – Executed malicious Python code via monkey-patching of runtime functions in the solders.keypair.Keypair class. (‘…the malware monkey-patches Solana key-generation methods…’)
- [T1608.001] Stage Capabilities: Upload Malware – Uploaded exfiltrated data to the Solana Devnet blockchain through spl.memo transactions. (‘…sent to Solana Devnet…embedded in a spl.memo transaction…’)
- [T1119] Automated Collection – Automatically collected private keys by intercepting keypair constructor methods. (‘…Each time a keypair is generated, the malware captures the private key…’)
- [T1657] Financial Theft – Stolen private keys enable theft of wallet funds. (‘…the threat actor can retrieve and decrypt it to gain full access to the stolen wallet…’)
Indicators of Compromise
- [Malicious PyPI Packages] Names associated with the campaign – semantic-types, solana-keypair, solana-publickey, solana-mev-agent-py, solana-trading-bot, soltrade
- [Threat Actor Alias and Email] Identity markers – cappership, [email protected]
- [Threat Actor Solana Public Key] Used to sign exfiltration transactions – D782zqWjgSvy4hQoqzY1ySrGrotnXm1suJeXFur8sAko
- [RSA-2048 Public Key Fingerprint] Used for encryption of stolen keys – 5a4d8480c9d1e82ba102f200258882fb9e694e8fc0343b6982c5540beccdca62
Read more: https://socket.dev/blog/monkey-patched-pypi-packages-steal-solana-private-keys