A sophisticated crypto-theft campaign dubbed TrapDoor is targeting blockchain developers with fake tooling packages designed to steal wallet keys, SSH credentials and cloud access tokens across Solana, Sui and Aptos ecosystems.
Security researchers at Socket identified the supply-chain attack earlier this week, discovering over 34 malicious packages distributed through three major open-source programming registries: npm for JavaScript, PyPI for Python and Crates.io for Rust. The campaign includes hundreds of related versions and artifacts.
Market Context
The attack represents a shift in crypto-threat tactics, moving away from direct phishing of retail users toward compromising the developer infrastructure that powers blockchain ecosystems. This approach allows attackers to potentially access multiple protocols and DeFi platforms simultaneously by breaching a single developer's workstation.
The targeted registries are foundational to modern software development, with npm alone serving billions of weekly downloads. By compromising packages masquerading as helpful utilities, attackers can harvest credentials from developers who may have production access to live DeFi protocols and treasury wallets.
Analysis
Researchers noted the attack was deliberately designed to appear mundane. Package names included "wallet-security-checker," "defi-risk-scanner," "solidity-build-guard," "move-compiler-tools" and "llm-context-compressor"—utilities that blockchain developers might install without extensive vetting.
The malware went beyond typical package stealers. In npm packages, the payloads searched developer machines for private keys, passwords, GitHub tokens and cloud login credentials before testing stolen credentials and attempting lateral movement through SSH keys. The attackers also planted hidden instructions in .cursorrules and claude.md files using zero-width Unicode characters, potentially allowing future AI coding assistant sessions to automatically collect and exfiltrate secrets.
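The hidden-instruction technique above relies on characters that a text editor renders as nothing. The following scanner is an added example, not Socket's tooling or code from the campaign: it flags zero-width, bidi-control and Unicode "tag" characters in a file such as .cursorrules or claude.md, reports their line and column, and recovers any ASCII payload encoded in the tag block. The exact character set the attackers used is not stated on the page, so the list here is an assumption covering the usual invisible code points; the sample .cursorrules content is constructed.

```python
import unicodedata
from typing import List, Tuple

# Code points that render as nothing (or only steer layout) and can hide text
# from a human reader. Assumption: the page does not list the characters the
# campaign used, so this covers the common zero-width spaces/joiners, the bidi
# controls, and the Unicode "tag" block (U+E0000..U+E007F), which can carry an
# ASCII payload invisibly: each tag character is U+E0000 plus the ASCII code.
ZERO_WIDTH = {
    0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x180E,   # ZWSP, ZWNJ, ZWJ, WJ, ZWNBSP, MVS
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,           # LRE, RLE, PDF, LRO, RLO
    0x2066, 0x2067, 0x2068, 0x2069,                   # LRI, RLI, FSI, PDI
}


def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    return cp in ZERO_WIDTH or 0xE0000 <= cp <= 0xE007F


def find_invisible(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line, column, U+XXXX, unicode name) for every invisible character."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line):
            if is_invisible(ch):
                hits.append((lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    return hits


def decode_tag_payload(text: str) -> str:
    """Recover ASCII smuggled as Unicode tag characters (U+E0020..U+E007E)."""
    return "".join(chr(ord(ch) - 0xE0000) for ch in text if 0xE0020 <= ord(ch) <= 0xE007E)


def strip_invisible(text: str) -> str:
    """Return the file content with all invisible characters removed."""
    return "".join(ch for ch in text if not is_invisible(ch))


# Constructed sample: an innocuous-looking .cursorrules with a zero-width space
# on line 2 and a tag-encoded word appended to line 3.
SAMPLE_CURSORRULES = (
    "# Project conventions\n"
    "Use TypeScript strict mode.\u200b\n"
    "Run tests before commit." + "".join(chr(0xE0000 + ord(c)) for c in "hidden") + "\n"
)

if __name__ == "__main__":
    for lineno, col, cp, name in find_invisible(SAMPLE_CURSORRULES):
        print(f"line {lineno} col {col}: {cp} {name}")
    print("tag payload:", repr(decode_tag_payload(SAMPLE_CURSORRULES)))
```

Run it against every AI-assistant config file in a repository (and in pull requests that add such files) and treat any hit as something to inspect by hand; legitimate rules files have no reason to contain these code points.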
Rust packages deployed malicious build.rs scripts during compilation specifically targeting Sui and Move developers. PyPI packages executed remote JavaScript upon import, while npm packages used postinstall hooks for initial execution.
"The package install is only the first step, with the real target being the workstation—wallets, repos, browser data, cloud keys, SSH access," Socket researchers noted in their analysis.
Key Numbers
- 34+ malicious packages identified across three registries
- Hundreds of related versions and artifacts in circulation
- Three programming languages targeted: JavaScript (npm), Python (PyPI) and Rust (Crates.io)
- Five major package names identified as malicious tooling disguises
- Zero-width Unicode characters used to hide AI assistant instructions
What to Watch
Socket reported the malicious packages to affected registries, which classified them as harmful. Developers working with Solana, Sui or Aptos should audit their installed dependencies immediately and rotate any credentials that may have been exposed on development machines. The attacker also opened pull requests to various AI and developer projects attempting to add .cursorrules files through legitimate open-source contribution channels.
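The two execution paths described earlier, npm postinstall hooks and Rust build.rs scripts, both run before a developer has read a line of the package, so a dependency audit should surface them explicitly. The script below is an added example, not tooling from Socket or from any affected registry: it walks a node_modules tree and reports packages that declare install-time lifecycle scripts, and walks a Cargo registry checkout and reports crates that ship a build.rs. The fixture it builds is constructed with invented package names; a hook or build script is a reason to review, not proof of malice.

```python
import json
import tempfile
from pathlib import Path
from typing import Dict, List

# npm executes these automatically during `npm install`, before any code from
# the package is imported by the developer's own project.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def hooks_in_manifest(manifest: Dict) -> Dict[str, str]:
    """Return only the lifecycle scripts that run at install time."""
    scripts = manifest.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}


def audit_node_modules(root: Path) -> List[Dict]:
    """List every package under `root` whose package.json declares an install hook."""
    findings = []
    for pkg_json in root.rglob("package.json"):
        try:
            manifest = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or non-JSON file: skip, do not crash the audit
        hooks = hooks_in_manifest(manifest)
        if hooks:
            findings.append({
                "package": manifest.get("name", pkg_json.parent.name),
                "path": str(pkg_json.parent),
                "hooks": hooks,
            })
    return findings


def audit_cargo_registry(root: Path) -> List[Dict]:
    """List every crate under `root` that ships a build.rs (compiled and run by cargo)."""
    return [{"crate": build_rs.parent.name, "path": str(build_rs)}
            for build_rs in root.rglob("build.rs")]


def build_demo_tree() -> Path:
    """Constructed fixture (invented names, not the campaign's packages):
    one plain npm package, one with a postinstall hook, one crate with build.rs."""
    root = Path(tempfile.mkdtemp(prefix="dep-audit-demo-"))
    nm = root / "node_modules"
    (nm / "left-pad-lite").mkdir(parents=True)
    (nm / "left-pad-lite" / "package.json").write_text(
        json.dumps({"name": "left-pad-lite", "version": "1.0.0",
                    "scripts": {"test": "jest"}}))
    (nm / "example-dev-helper").mkdir(parents=True)
    (nm / "example-dev-helper" / "package.json").write_text(
        json.dumps({"name": "example-dev-helper", "version": "0.1.3",
                    "scripts": {"postinstall": "node setup.js", "test": "jest"}}))
    reg = root / "cargo-registry"
    (reg / "example-move-helper-0.2.0" / "src").mkdir(parents=True)
    (reg / "example-move-helper-0.2.0" / "build.rs").write_text("fn main() {}\n")
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for f in audit_node_modules(demo / "node_modules"):
        print(f"npm  {f['package']}: {f['hooks']}")
    for f in audit_cargo_registry(demo / "cargo-registry"):
        print(f"cargo {f['crate']}: {f['path']}")
```

In real use point `audit_node_modules` at the project's node_modules directory and `audit_cargo_registry` at ~/.cargo/registry/src; installing npm dependencies with `--ignore-scripts` first, then reviewing the reported hooks before allowing them to run, keeps the audit ahead of execution.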
No victims or stolen funds have yet been identified, but the breadth of targeting suggests significant potential exposure across multiple blockchain ecosystems.