Multiple Malicious Python Packages Targeting Bittensor Crypto Developers

SafeDep Team 2 min read

TL;DR

Multiple malicious Python packages targeting crypto developers and their applications were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation. In this specific case, the attackers hooked a legitimate staking function to redirect the funds to their own wallet. The attack leveraged typosquatting to target the popular bittensor package.

Following malicious packages were disclosed by GitLab Vulnerability Research Team:

How SafeDep can protect developers?

SafeDep open source tools especially vet and pmg can help protect developers from malicious packages and other open source software supply chain attacks.

Our automated systems flagged the packages as suspicious due to multiple signals, including identifying the malicious code and intention in typosquatting packages. See example

  • Hardcoded destination wallet address 5FjgkuPzAQHax3hXsSkNtue8E7moEYjTgrDDGxBvCzxc1nqR
  • Forced transfer_all=True indicating operations without user consent
Malicious PackageSafeDep AnalysisFlagged At
[email protected]Link8/6/2025, 2:53:48 AM
[email protected]Link8/6/2025, 2:59:52 AM
[email protected]Link8/6/2025, 3:03:45 AM
[email protected]Link8/6/2025, 3:16:03 AM
[email protected]Link8/6/2025, 3:17:10 AM

SafeDep vet alerted users in CI/CD pipelines when trying to add any of the compromised package through a PR.

vet Bittensor Example

SafeDep pmg will alert developers when trying to install any of the compromised package.

pmg Bittensor Example

How to protect your project?

At SafeDep, we believe code is the source of truth. We perform code analysis to detect vulnerabilities and malicious code in open source packages. If that is not feasible, general security best practices can be used to protect against common open source software supply chain attacks.

  • Always vet open source packages for vulnerabilities and malicious code before use
  • Ensure branch protection rules require code review before merging
  • Establish trust on packages through its popularity, community or code review
  • Avoid using most recently released package versions
  • Prefer using open source packages only from trusted sources

SafeDep vet seamlessly integrates with your CI/CD pipeline and alerts you when trying to add any of the compromised package through a PR. SafeDep pmg will alert developers when trying to install any of the compromised package.

References

Share:

Protect Against Malicious Open Source Packages

Don't let supply chain attacks compromise your projects. SafeDep Vet helps you identify and prevent malicious packages before they enter your codebase.

View on GitHub Quick Start Guide
Previous Post
TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers
Next Post
Security Risks in PEP 723 and uv: Inline Metadata Gone Wrong?
Back to Blog

Related Posts

View All Posts »
Secure Vibe Coding with AI Agents

Secure Vibe Coding with AI Agents

AI coding agents make development faster but can inadvertently introduce security risks by suggesting unvetted packages. Learn how to use vet MCP server for adding security to your vibe coding adventures.