The hackers aren't coming for your keys anymore; they're coming for the people who write the code that protects your keys.
The Summary
- TrapDoor malware spread malicious packages across npm, PyPI, and Crates.io targeting crypto developers building on Aptos, Sui, and Solana.
- The attack hijacked AI coding assistants by injecting hidden instructions that turned developer tools into exfiltration vectors for wallet data, AWS keys, and GitHub tokens.
- Supply chain attacks on developer tooling are the new frontline: compromise the build environment, compromise everything downstream.
The Signal
Socket researchers flagged TrapDoor as a coordinated campaign that didn't bother with phishing emails or fake websites. The attackers went straight to the package registries where developers pull dependencies every single day. npm for JavaScript. PyPI for Python. Crates.io for Rust. They planted malicious packages that looked legitimate enough to slip past cursory reviews, then waited for developers to npm install their way into a compromise.
What makes this nastier than a typical supply chain attack: the malware specifically targeted crypto developer environments. Not general purpose credential harvesting. Focused exfiltration of wallet data, private keys, AWS credentials, and GitHub tokens from machines actively building DeFi protocols, Layer 1s, and wallet infrastructure.
"The attackers hijacked popular AI coding assistants by injecting hidden instructions."
Here's where it gets weird. TrapDoor injected instructions that compromised AI coding tools. Think Copilot, Cursor, and other LLM-powered autocomplete systems that live inside your IDE. The malware added prompts or context snippets that made the AI suggest compromised code or exfiltrate data through what looked like normal autocomplete behavior. Your AI assistant became a data courier without you noticing.
The target list matters: Aptos, Sui, Solana development environments. These are the faster, cheaper alternatives to Ethereum where serious infrastructure money is flowing. If you compromise a developer working on a Solana DEX or an Aptos lending protocol, you're not just stealing credentials. You're potentially backdooring code that will handle millions in TVL.
Key attack vectors:
- Malicious packages disguised as legitimate dev tools
- Exfiltration of wallet private keys and seed phrases from local environments
- AWS and GitHub credential theft for infrastructure access
- AI coding assistant compromise for persistent, hidden data leakage
The stolen data included crypto wallet information, AWS keys, and GitHub tokens, which means attackers could deploy malicious contracts, push backdoored code to production repos, or spin up cloud infrastructure on someone else's dime. This isn't just theft. It's positional access for long-term compromise.
The Implication
If you're building anything in crypto, audit your dependencies like your private keys depend on it, because they do. Run package integrity checks. Pin versions. Use tools like Socket or Snyk to scan for anomalies before you pull. If you're using AI coding assistants, understand they're now part of your attack surface. Review what they suggest, especially anything touching credentials or network calls.
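As an added illustration of the pinning and integrity checks recommended above (not code from this article or from Socket's report), this Python script audits a constructed requirements.txt and a constructed package-lock.json; the package names, versions, hashes and URLs are placeholders.

```python
"""Flag unpinned or integrity-less dependencies in a requirements.txt and a package-lock.json (added example, constructed inputs)."""
import json
import re
NPM_REGISTRY = "https://registry.npmjs.org/"
# name, optional [extras], optional ==version pin
SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_.\-]*)(\[[^\]]*\])?(==\S+)?")

# Constructed requirements.txt: the first line is fully pinned, the other three are weak.
SAMPLE_REQUIREMENTS = """\
example-aptos-sdk==1.2.3 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
example-sui-client>=0.9
example-solana-tools
example-wallet-utils==4.0.1
"""

# Constructed package-lock.json (lockfileVersion 3): one clean entry, one with no hash and an off-registry URL.
SAMPLE_PACKAGE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "defi-app"},
    "node_modules/example-sui-client": {"version": "0.9.4", "integrity": "sha512-0000",
        "resolved": NPM_REGISTRY + "example-sui-client/-/example-sui-client-0.9.4.tgz"},
    "node_modules/example-helper-tool": {"version": "1.0.0",
        "resolved": "http://mirror.example.invalid/example-helper-tool-1.0.0.tgz"},
}})

def audit_requirements(text):
    """Return (package, problem) pairs for lines that are not '==' pinned with a sha256 hash."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue  # comments and pip options such as -r or --index-url
        m = SPEC_RE.match(line)
        name = m.group(1)  # bare project name, without extras or version specifier
        if not m.group(3):
            findings.append((name, "not pinned with =="))
        elif "--hash=sha256:" not in line:
            findings.append((name, "pinned but no --hash=sha256"))
    return findings

def audit_package_lock(text, registry=NPM_REGISTRY):
    """Return (package, problem) pairs for entries lacking an integrity hash or resolved off-registry."""
    findings = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if path == "":
            continue  # root project entry, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        if "integrity" not in meta:
            findings.append((name, "missing integrity hash"))
        if not meta.get("resolved", "").startswith(registry):
            findings.append((name, "resolved outside " + registry))
    return findings
```

Run both functions against your real manifests in CI and fail the build on any finding; a dependency that is unpinned, unhashed, or fetched from somewhere other than the registry you expect is exactly the gap a registry-poisoning campaign relies on.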
For companies: this is a canary for what's coming. As AI agents start writing more code and managing more infrastructure, the surface area for this kind of hybrid AI/supply-chain attack explodes. TrapDoor is version one. Wait until the malware learns to optimize its own stealth.