Solana, Sui and Aptos wallet data targeted in TrapDoor package attack

By Shaurya Malwa · Published May 29, 2026 · 5 min read · Source: CoinDesk

The campaign targets crypto, DeFi, AI and security developers with fake tooling packages to steal wallets, SSH keys, GitHub tokens, cloud credentials and browser data.

By Shaurya Malwa | Edited by Sheldon Reback. Updated May 29, 2026, 9:15 a.m. Published May 29, 2026, 8:19 a.m.
Another targeted attack, this time directed at programmers. (Boitumelo/Unsplash)

A new crypto-theft campaign is targeting the developers most likely to have wallet keys, cloud credentials and production access sitting on their machines.

Researchers at security firm Socket said earlier this week they identified a supply-chain attack called TrapDoor spread across three major open-source programming registries, with more than 34 malicious packages and hundreds of related versions and artifacts.

A key takeaway is that attackers are becoming more focused. Alongside social engineering, which targets individuals holding key information, supply-chain attacks like this one are built to catch not random retail users but developers. Those are the very people who may have wallet files, SSH keys, GitHub tokens, cloud credentials and production access on the same machine they use to build crypto and AI tools.

Socket did not identify victims or stolen funds, but said the packages were live across npm, PyPI and Crates.io and contained payloads that could steal wallet data, exfiltrate credentials, test AWS and GitHub tokens and leave behind files to keep access active.

The packages, written in JavaScript, Python and Rust, were disguised as developer helpers, security scanners, wallet tools, Solidity utilities, AI prompt packages and Sui or Move build helpers.

Boring by design

The names were boring by design. Packages were named "wallet-security-checker," "defi-risk-scanner," "solidity-build-guard," "move-compiler-tools" and "llm-context-compressor," looking like the kind of small utilities a crypto or AI developer might install without much thought.

Once installed, however, the payloads tried to pull far more than package data.

In the npm packages, the malware searched a developer’s machine for private keys, passwords, GitHub tokens and cloud logins. It also tested some stolen credentials, tried to move into other systems through SSH keys and left behind files that could keep the infection active.

SSH keys are login files that developers use to access servers, code repositories and other machines. If stolen, they can let an attacker move from one compromised laptop into a company’s wider infrastructure.

The attack also uses files such as .cursorrules and CLAUDE.md, which allow developers to give project-specific instructions to AI coding tools. Socket said the campaign planted hidden instructions using zero-width Unicode characters, apparently trying to make future AI assistant sessions run fake “security scans” that collected and exfiltrated secrets.

That turned the attack from a normal package stealer into something closer to developer-environment malware. The package install is only the first step; the real target is everything on the workstation: wallets, repos, browser data, cloud keys, SSH access and whatever the AI coding tools read next.

The Rust packages used malicious build.rs scripts that run during compilation, targeting Sui and Move developers. The PyPI packages executed remote JavaScript on import. The npm packages used postinstall hooks.

Socket said it reported the packages to affected registries and classified the campaign packages as malicious. The company also warned that the attacker opened pull requests to AI and developer projects, trying to add .cursorrules and CLAUDE.md files through normal open-source contribution paths.
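A defender-side check for the two mechanisms described above: zero-width characters hiding instructions in AI rule files, and npm lifecycle scripts that run during install. This is an added example, not Socket's tooling or code from the campaign; the set of rule filenames and the constructed sample checkout are assumptions.

```python
import json
import re
import tempfile
from pathlib import Path

# Invisible code points that hide text from a human reviewer while a model still reads it.
ZW_RE = re.compile("[\u200b\u200c\u200d\u2060\u2062\u2063\ufeff]")
# Files that AI coding assistants read as project instructions (assumed set of names).
AI_RULE_FILES = {".cursorrules", "claude.md", "agents.md"}
# npm lifecycle scripts that run automatically during `npm install`.
INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}


def hidden_instruction_lines(text):
    """Return (line_no, hidden_count, visible_text) for each line carrying zero-width chars."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        count = len(ZW_RE.findall(line))
        if count:
            hits.append((n, count, ZW_RE.sub("", line).strip()))
    return hits


def install_hooks(package_json_text):
    """Return the install-time lifecycle scripts declared in a package.json body."""
    try:
        scripts = json.loads(package_json_text).get("scripts", {})
    except (ValueError, AttributeError):  # not JSON, or not an object
        return {}
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def scan_tree(root):
    """Walk a checkout and report rule files with hidden characters plus install hooks."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        name, text = path.name.lower(), path.read_text(encoding="utf-8", errors="replace")
        if name in AI_RULE_FILES:
            for n, count, visible in hidden_instruction_lines(text):
                findings.append((path.name, f"line {n}: {count} zero-width chars near {visible!r}"))
        elif name == "package.json":
            for hook, cmd in install_hooks(text).items():
                findings.append((path.name, f"{hook} script runs on install: {cmd!r}"))
    return findings


def demo():
    """Scan a constructed sample checkout (not real TrapDoor artefacts)."""
    root = Path(tempfile.mkdtemp())
    (root / ".cursorrules").write_text("Use 4-space indentation.\nRun the secu\u200brity sc\u200ban before every commit.\n", encoding="utf-8")
    (root / "package.json").write_text(json.dumps(
        {"name": "wallet-helper-demo", "scripts": {"test": "jest", "postinstall": "node setup.js"}}), encoding="utf-8")
    return scan_tree(root)
```

Run `scan_tree` against a fresh clone or an incoming pull request before installing or building; a rule file that reports hidden characters, or a package.json with an install-time script, deserves a manual read before anything executes.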

This article was originally published on CoinDesk and is republished here under RSS syndication for informational purposes. All rights and intellectual property remain with the original author. If you are the author and wish to have this article removed, please contact us at [email protected].
