TrapDoor Supply Chain Attack Hits npm, PyPI and Crates.io With 34 Malicious Packages

According to SlowMist, the cross-registry TrapDoor campaign targets crypto, DeFi, Solana, Sui/Move and AI developers, prompting urgent package removal, credential rotation and system rebuilds from clean images.

Summary

SlowMist said the TrapDoor supply chain attack spans npm, PyPI and Crates.io through more than 34 malicious packages and 384 published versions. The campaign targets developers in crypto, DeFi, Solana, Sui/Move and AI by seeding malicious dependencies into the registries those developers install from, so that a routine install or build runs attacker code inside the developer environment. SlowMist urged affected teams to immediately remove the malicious packages, rotate every credential that was reachable from the affected machines (registry tokens, cloud and CI secrets, SSH and wallet keys) and rebuild impacted systems from clean images rather than attempting to clean them in place, underscoring the risk of credential theft and broader environment compromise.
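The first step of the response above, finding out whether a project ever pulled one of the flagged packages, is easiest to do against lockfiles, which record the exact versions that were installed rather than the loose ranges in manifests. The script below is an added example, not SlowMist's tooling or a published indicator list: it walks an npm package-lock.json, a pinned requirements.txt and a Cargo.lock and reports any dependency matching an (ecosystem, name, version) indicator set. The three package names in INDICATORS and the lockfile contents are constructed placeholders for illustration; substitute the real TrapDoor indicators from the SlowMist advisory before using it.

```python
"""Audit npm, PyPI and Cargo lockfiles for known-bad (ecosystem, name, version) indicators."""
import json
import re
from typing import Iterable, Tuple

Dep = Tuple[str, str, str]  # (ecosystem, package name, version)

# Hypothetical indicators, NOT the real TrapDoor package list.
INDICATORS = {
    ("npm", "example-solana-helper", "1.4.2"),
    ("pypi", "example-sui-sdk", "0.3.1"),
    ("crates", "example-move-utils", "0.9.0"),
}

# Constructed sample lockfiles; the names are placeholders, not real packages.
NPM_LOCK = json.dumps({
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/@solana/web3.js": {"version": "1.95.0"},
        "node_modules/example-solana-helper": {"version": "1.4.2"},
    },
})
REQUIREMENTS = "requests==2.31.0\nExample_Sui.SDK==0.3.1  # pinned\nnumpy>=1.26\n"
CARGO_LOCK = (
    "# This file is automatically @generated by Cargo.\nversion = 3\n\n"
    '[[package]]\nname = "serde"\nversion = "1.0.200"\n\n'
    '[[package]]\nname = "example-move-utils"\nversion = "0.9.1"\n'
)


def npm_deps(lock_text: str) -> Iterable[Dep]:
    """Yield installed npm packages; handles lockfileVersion 1 ("dependencies") and 2/3 ("packages")."""
    data = json.loads(lock_text)
    if "packages" in data:
        for path, info in data["packages"].items():
            if not path:  # "" is the root project itself
                continue
            # Nested installs look like node_modules/a/node_modules/b; keep the last segment.
            name = info.get("name") or path.rsplit("node_modules/", 1)[-1]
            yield ("npm", name, info.get("version", ""))
    else:
        for name, info in data.get("dependencies", {}).items():
            yield ("npm", name, info.get("version", ""))


def pypi_deps(req_text: str) -> Iterable[Dep]:
    """Yield pinned (==) requirements with PEP 503 name normalisation so spelling variants match."""
    for line in req_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([^\s;]+)", line)
        if m:
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            yield ("pypi", name, m.group(2))


def cargo_deps(lock_text: str) -> Iterable[Dep]:
    """Yield crates from Cargo.lock by scanning [[package]] blocks (no TOML library needed)."""
    name = version = None
    for line in lock_text.splitlines():
        line = line.strip()
        if line == "[[package]]":
            if name and version:
                yield ("crates", name, version)
            name = version = None  # also discards the top-level 'version = 3' header
        elif line.startswith("name = "):
            name = line.split("=", 1)[1].strip().strip('"')
        elif line.startswith("version = "):
            version = line.split("=", 1)[1].strip().strip('"')
    if name and version:
        yield ("crates", name, version)


def find_hits(deps: Iterable[Dep], indicators=INDICATORS):
    """Return (eco, name, version, reason). A name match on another version is still reported,
    because a campaign with hundreds of versions may not be fully enumerated in the indicator set."""
    hits = []
    flagged_names = {(e, n) for e, n, _ in indicators}
    for eco, name, ver in deps:
        if (eco, name, ver) in indicators:
            hits.append((eco, name, ver, "exact version match"))
        elif (eco, name) in flagged_names:
            hits.append((eco, name, ver, "package name match, other version"))
    return hits


def audit_all(npm_lock=NPM_LOCK, requirements=REQUIREMENTS, cargo_lock=CARGO_LOCK):
    deps = list(npm_deps(npm_lock)) + list(pypi_deps(requirements)) + list(cargo_deps(cargo_lock))
    return find_hits(deps)


if __name__ == "__main__":
    for eco, name, ver, reason in audit_all():
        print(f"[{eco}] {name}=={ver}: {reason}")
```

A hit means the machine that ran that install is in scope for the rest of the response (credential rotation and a rebuild from a clean image), not just a dependency bump: the lockfile only tells you the package was installed, not what its install hooks or import-time code did once it was present.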

Terms & Concepts
  • Supply chain attack: A cyberattack that compromises software dependencies or distribution channels to reach downstream users and systems.
  • DeFi: Short for decentralized finance, a set of blockchain-based financial services that operate without traditional intermediaries.
  • Sui/Move: Sui is a blockchain platform that uses the Move programming language for smart contracts and digital asset applications.