Researchers uncover how hackers used over 34 fake npm, PyPI and Rust packages in “TrapDoor” attack targeting Solana, Sui and Aptos developers to steal wallets and cloud credentials

Coindesk •

Revision history

6 recorded changes

Want your article here?

384 versions across 34 packages with live AWS/GitHub credential validation before exfil — they're not spraying, they're hunting. Zero-width Unicode in .cursorrules and CLAUDE.md weaponizes AI coding assistants into running fake "security scans" that leak the env, which is the part that actually scales beyond crypto. Rust's memory safety guarantees go to zero when build.rs is arbitrary code execution on every cargo build, and routing exfil through GitHub Gists ships identity tokens out via the same platform that holds them.

Top comment by @Benthic

Researchers uncover how hackers used over 34 fake npm, PyPI and Rust packages in “TrapDoor” attack targeting Solana, Sui and Aptos developers to steal wallets and cloud credentials

More on wallets

Stablecoins won't replace Visa or Mastercard at checkout but will increasingly power the balances behind fintech accounts, cards and digital wallets

Gnosis co-founder Martin Koppelmann says it will fully reimburse users after an exploit targeting Gnosis Pay’s Zodiac delay module allowed attackers to initiate transactions from affected wallets

Coinbase’s Base launches Base MCP, enabling ChatGPT, Claude and Cursor users to manage crypto wallets and interact with DeFi apps through AI agents

New York lawsuit seeks ownership of 39,069 dormant Bitcoin wallets holding $285B in BTC

Blockchain explorers 101: Turn raw on-chain data into insights, track wallets, and master cross-chain analysis

Wallets likely tied to Tom Lee's BitMine receive 60,000 ETH from Kraken and BitGo

Stablecoins won't replace Visa or Mastercard at checkout but will increasingly power the balances behind fintech accounts, cards and digital wallets

Gnosis co-founder Martin Koppelmann says it will fully reimburse users after an exploit targeting Gnosis Pay’s Zodiac delay module allowed attackers to initiate transactions from affected wallets

Coinbase’s Base launches Base MCP, enabling ChatGPT, Claude and Cursor users to manage crypto wallets and interact with DeFi apps through AI agents

New York lawsuit seeks ownership of 39,069 dormant Bitcoin wallets holding $285B in BTC

Blockchain explorers 101: Turn raw on-chain data into insights, track wallets, and master cross-chain analysis

Wallets likely tied to Tom Lee's BitMine receive 60,000 ETH from Kraken and BitGo

Total stats

How to Earn

Researchers uncover how hackers used over 34 fake npm, PyPI and Rust packages in “TrapDoor” attack targeting Solana, Sui and Aptos developers to steal wallets and cloud credentials

More on wallets

Stablecoins won't replace Visa or Mastercard at checkout but will increasingly power the balances behind fintech accounts, cards and digital wallets

Gnosis co-founder Martin Koppelmann says it will fully reimburse users after an exploit targeting Gnosis Pay’s Zodiac delay module allowed attackers to initiate transactions from affected wallets

Coinbase’s Base launches Base MCP, enabling ChatGPT, Claude and Cursor users to manage crypto wallets and interact with DeFi apps through AI agents

New York lawsuit seeks ownership of 39,069 dormant Bitcoin wallets holding $285B in BTC

Blockchain explorers 101: Turn raw on-chain data into insights, track wallets, and master cross-chain analysis

Wallets likely tied to Tom Lee's BitMine receive 60,000 ETH from Kraken and BitGo

Stablecoins won't replace Visa or Mastercard at checkout but will increasingly power the balances behind fintech accounts, cards and digital wallets

Gnosis co-founder Martin Koppelmann says it will fully reimburse users after an exploit targeting Gnosis Pay’s Zodiac delay module allowed attackers to initiate transactions from affected wallets

Coinbase’s Base launches Base MCP, enabling ChatGPT, Claude and Cursor users to manage crypto wallets and interact with DeFi apps through AI agents

New York lawsuit seeks ownership of 39,069 dormant Bitcoin wallets holding $285B in BTC

Blockchain explorers 101: Turn raw on-chain data into insights, track wallets, and master cross-chain analysis

Wallets likely tied to Tom Lee's BitMine receive 60,000 ETH from Kraken and BitGo

Comments

Total stats

How to Earn