TrapDoor malware targets crypto developer tools in supply-chain attack

Security researchers at Socket have disclosed a supply-chain campaign dubbed "TrapDoor" that distributes credential-stealing malware through developer package registries, targeting cryptocurrency, DeFi and AI engineering workflows. The research shows attackers are publishing packages designed to blend into normal developer toolchains across npm, PyPI and Crates.io.

According to Socket's analysis, the operation has published at least 34 malicious packages and several hundred related versions since it was first observed, with public disclosure on May 24, 2026. The malicious code attempts to exfiltrate wallet keystores, Secure Shell (SSH) keys, cloud service tokens, GitHub access tokens, browser extension data and API keys. Socket's technical notes indicate some payloads also inject hidden prompts or configuration files intended to manipulate AI coding assistants such as Claude and Cursor, coaxing those tools into revealing secrets under the guise of a "security scan."

While the immediate market reaction to such an operational security incident may be muted, the implications for crypto projects and developer ecosystems are material. Compromised developer credentials and wallets can lead to direct fund losses and reputational damage, increasing operational costs and pushing projects to accelerate security spend. The speed at which malicious versions were published and, in some cases, removed highlights both the agility of attackers and the gaps in registry vetting processes.

In a broader context, TrapDoor underscores the expanding attack surface created by automatic dependency resolution and the integration of AI-assisted development tools into standard workflows. The campaign follows a series of recent supply-chain incidents and demonstrates attackers are experimenting with novel techniques—including indirect prompt injection—to abuse automated assistants and developer automation.

Security practitioners recommend immediate mitigation steps: rotate compromised keys and tokens, audit recent dependency changes, enforce strict version pinning and use vetted scanning tools in CI/CD pipelines. Analysts expect increased scrutiny from platform maintainers and a likely acceleration in adoption of provenance, signing and dependency isolation measures. Over the medium term, organizations that harden developer environments and limit secret exposure will reduce their vulnerability to similar campaigns.