Ddos 
Socket’s Threat Research Team has uncovered a sophisticated supply chain attack on the Python Package Index (PyPI) that exploits trust in open-source ecosystems to steal Solana private keys. The campaign—linked to a threat actor alias cappership—employs covert monkey-patching, transitive dependencies, and blockchain-based exfiltration to silently compromise developer environments.
At the center of the campaign is the package semantic-types, which contains a stealthy key-stealing payload. While it appears benign, it is secretly depended upon by five other malicious packages:
- solana-keypair
- solana-publickey
- solana-mev-agent-py
- solana-trading-bot
- soltrade
A single pip install of any of these fetches and executes the backdoor silently.
“This transitive dependency means a single pip install for any of the other five libraries automatically fetches and executes the hidden payload,” the researchers explain.
The malware dynamically rewrites Solana Keypair constructors via Python’s monkey-patching technique. When the infected package is installed, it modifies methods like Keypair.from_seed(…) and Keypair.from_bytes(…) in the background.
Each time a keypair is generated:
- The private key is extracted and converted to bytes.
- It is encrypted with a hardcoded RSA-2048 public key.
- The payload is Base64-encoded and sent as a memo transaction to Solana Devnet.
“Each time a project calls Keypair.from_seed or related methods, the monkey-patched wrapper silently spawns a background thread that transmits the 64-byte raw private key to the blockchain,” the report details.
This campaign wasn’t just about code—it was about credibility manipulation:
- Each malicious package featured professional README files, structured code samples, and external documentation links.
- They were linked to legitimate GitHub repos, Stack Overflow posts, and Solana documentation to build trust.
- Package names closely mimicked genuine tools, such as solana-keypair and solana-mev-agent-py.
“The threat actor enriched package metadata with links to real Stack Overflow discussions… This tactic reinforced the appearance of authenticity,” Socket explained.
Rather than using traditional C2 servers or domains, the threat actor:
- Sends encrypted private keys via memo transactions on Solana Devnet.
- Embeds the data in transactions that appear like normal blockchain activity.
- Ensures persistence and stealth by avoiding suspicious outbound traffic.
“Exfiltration is performed via a legitimate Solana RPC endpoint… allowing the payload to bypass traditional network defenses,” the report explains.
Socket has petitioned PyPI for immediate removal of these packages. “Collectively, the six packages have been downloaded more than 25,900 times… At the time of publication, the packages remain live on PyPI,” the report warns.
Related Posts:
- Malicious npm Packages Target Solana Developers, Stealing Private Keys via Gmail
- Solana Drainer Source Code Leak Reveals MS Drainer Connection, Underscores Growing Threat to Crypto Users
- PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers
- Malicious Browser Extension Hijacks Solana Transactions
- Solana Web3.js Library Compromised in Targeted Supply Chain Attack
Donate