34 malicious packages discovered targeting Solana developers: Steals wallet credentials and SSH keys

Andrew Gibbs Posted on May 31 • Originally published at paragraph.com 34 malicious packages discovered targeting Solana developers: Steals wallet credentials and SSH keys # blockchain # infosec # npm # security Socket Security just published research on TrapDoor malware: 34 malicious packages targeting developers building on Solana, Aptos, and Sui. If you've installed any npm or PyPI packages from these ecosystems recently, your wallet may already be at risk even if nothing looks wrong yet. How it works: The packages execute on install. They silently harvest crypto wallet credentials, SSH keys, cloud credentials, browser-saved passwords, and environment variables — then exfiltrate everything to attacker infrastructure. The theft of your wallet doesn't happen immediately. Attackers wait for the right moment: a large deposit, a token unlock, a liquidity event. Three things to do right now: Check if your developer email appeared in an infostealer log: Stealer logs from infected machines are actively traded on criminal Telegram channels. If your email is in one, your credentials from that machine are compromised regardless of whether your wallet looks fine today Audit your browser extensions: TrapDoor harvests browser data. Malicious extensions re-harvest credentials on every login after initial infection. Remove anything you don't actively use or can't verify Move assets to a fresh wallet on a clean device if you installed packages from affected ecosystems in the last 30 days and can't confirm they were clean The on-chain monitoring fires after the transfer is already out. The attack starts in your dev environment, not on the blockchain. Full breakdown with remediation steps: https://medium.com/p/a4343023b319 Top comments (0) Subscribe Personal Trusted User Create template Templates let you quickly answer FAQs or store snippets for re-use. Submit Preview Dismiss Code of Conduct • Report abuse Are you sure you want to hide this comment? It will become hidden i