TrapDoor Malware Targets Crypto Dev Tools via npm, PyPI
Zach Anderson May 25, 2026 07:32
TrapDoor malware exploits npm, PyPI, and Crates.io in a coordinated supply chain attack targeting crypto and AI developers.
A new malware campaign, dubbed TrapDoor, is targeting crypto and AI developers through popular package repositories like npm, PyPI, and Crates.io, according to a May 25 report by developer security platform Socket. The attack’s goal is to steal crypto wallet data, SSH keys, GitHub tokens, and other sensitive credentials.
TrapDoor, first identified on May 22, reportedly deployed over 34 malicious packages across 384 versions, using AI-assisted methods to increase its reach. The malware is designed to infiltrate developer workflows by masquerading as legitimate tools such as project setup utilities, Solidity tooling, and AI-related libraries.
The campaign specifically targets developers in crypto, decentralized finance (DeFi), and AI, affecting popular wallets like Coinbase, Binance, Solana, Sui, Aptos, and MetaMask. It also attempts to exploit AI coding assistants like Claude and Cursor by injecting instructions that trick these tools into executing security scans, exfiltrating sensitive data in the process, according to Ahmad Nassri, CTO of Socket.
Supply Chain Vulnerability: A Growing Concern
This attack underscores a broader trend of threat actors abusing open-source ecosystems. All three registries named in the report have been targeted: npm, a widely used JavaScript repository; PyPI for Python developers; and Crates.io for Rust developers. These repositories are critical resources for developers building applications in crypto and AI, making them ideal vectors for supply chain attacks.
GitHub, the platform used to distribute some of the malicious packages, was itself compromised on May 20, further illustrating the vulnerability of developer tools. According to Socket, the attack shows signs of rapid, AI-assisted iteration, leveraging techniques like prompt injection and partially implemented extraction concepts alongside working malware payloads.
Implications for Crypto and AI
For the crypto industry, already reeling from significant losses due to exploits in 2026, TrapDoor represents an alarming convergence of risks. The malware not only targets financial assets but also the broader development infrastructure, potentially compromising entire ecosystems. AI developers are similarly at risk as attackers exploit the growing reliance on automation and machine learning in software development.
TrapDoor’s ability to manipulate coding assistants like Claude and Cursor highlights the increasing sophistication of malware campaigns. By embedding malicious instructions into AI workflows, attackers expand their reach beyond traditional credential theft to include AI-driven environments.
What’s Next?
Security researchers emphasize the need for heightened vigilance from developers, particularly those working in crypto and AI. Verifying package authenticity, monitoring dependencies, and employing robust security measures like sandboxing are critical to mitigating risks.
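One way to act on the dependency-monitoring advice above for an npm project, as an added example that is not from Socket's report or this article: it reads a `package-lock.json` (lockfile v2/v3 layout) and lists dependencies that run install-time scripts, lack a pinned integrity hash, or are fetched from somewhere other than the registry. The package names, the sample lockfile and the single-registry assumption are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Assumption: this project installs only from the public npm registry.
REGISTRY_HOST = "registry.npmjs.org"

def audit_lockfile(lock: dict) -> list:
    """Return one finding per locked dependency that deserves manual review."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        # Skip the root project, workspace symlinks, and bundled deps
        # (bundled deps ship inside the parent tarball and its hash).
        if path == "" or meta.get("link") or meta.get("inBundle"):
            continue
        reasons = []
        if meta.get("hasInstallScript"):
            reasons.append("runs a lifecycle script at install time")
        if not meta.get("integrity"):
            reasons.append("no integrity hash pinned")
        resolved = meta.get("resolved", "")
        host = urlparse(resolved).hostname
        if resolved and host != REGISTRY_HOST:
            reasons.append(f"fetched from {host or resolved}, not the registry")
        if reasons:
            name = path.split("node_modules/")[-1]
            findings.append({"name": name, "version": meta.get("version"),
                             "reasons": reasons})
    return findings

# Constructed sample lockfile; package names and hashes are placeholders.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/example-clean-lib": {
            "version": "2.1.0",
            "resolved": "https://registry.npmjs.org/example-clean-lib/-/example-clean-lib-2.1.0.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/example-setup-util": {
            "version": "0.3.1",
            "resolved": "https://registry.npmjs.org/example-setup-util/-/example-setup-util-0.3.1.tgz",
            "integrity": "sha512-PLACEHOLDER",
            "hasInstallScript": True},
        "node_modules/example-sol-tool": {
            "version": "0.0.9",
            "resolved": "https://codeload.github.com/example-org/example-sol-tool/tar.gz/PLACEHOLDER"},
    },
}

if __name__ == "__main__":
    print(json.dumps(audit_lockfile(SAMPLE_LOCK), indent=2))
```

Findings are review prompts rather than verdicts, since many legitimate packages run install scripts; the value is in seeing which new dependencies gain that ability between lockfile changes.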
The TrapDoor campaign serves as a wake-up call for the developer community to address emerging threats in supply chain security. As attackers leverage AI to accelerate their efforts, the crypto and AI sectors must adapt quickly to safeguard their tools and assets.