Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys


A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias “cappership.”

The attack leverages a malicious package named semantic-types to deploy a covert key-stealing payload, specifically targeting Solana blockchain developers.

This campaign, which has already seen over 25,900 downloads across six implicated packages, embeds a backdoor that silently exfiltrates private keys, posing a severe risk to developer environments and CI/CD pipelines.

At the time of reporting, these packages remain live on PyPI despite efforts to have them removed.

Sophisticated Malware Targets Blockchain Developers

The core of this attack lies in semantic-types, a package that serves as the delivery mechanism for the malicious payload.

Five other packages (solana-keypair, solana-publickey, solana-mev-agent-py, solana-trading-bot, and soltrade) depend on semantic-types, ensuring that a single pip install command for any of these libraries ...
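The dependency relationship described above can be checked from the defender's side: this added example (not from Socket's report or the original article) walks the declared dependencies of installed distributions and reports any chain that reaches one of the six package names listed above. The `my-app` and `trade-helper` entries in `SAMPLE` are constructed, and the check assumes the dependency is declared in package metadata (`Requires-Dist`).

```python
import re
from collections import deque
from importlib import metadata

# Names from the report above; SAMPLE is a constructed graph (my-app, trade-helper are hypothetical).
FLAGGED = {"semantic-types", "solana-keypair", "solana-publickey",
           "solana-mev-agent-py", "solana-trading-bot", "soltrade"}
SAMPLE = {"my-app": {"requests", "trade-helper"}, "requests": set(),
          "trade-helper": {"soltrade"}, "soltrade": {"semantic-types"}}

def normalize(name):
    """PEP 503 normalization, so 'Semantic_Types' matches 'semantic-types'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(req):
    """Project name from a Requires-Dist string such as 'foo>=1.0; extra == "x"'."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    return normalize(m.group(1)) if m else None

def installed_graph():
    """Map every installed distribution to the names it declares as dependencies."""
    graph = {}
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name:
            deps = {requirement_name(r) for r in (dist.requires or [])}
            graph[normalize(name)] = deps - {None}
    return graph

def chain_to_flagged(graph, start, flagged=FLAGGED):
    """Breadth-first search: shortest dependency chain from start to a flagged name."""
    seen, queue = {start}, deque([[start]])
    while queue:
        path = queue.popleft()
        if path[-1] in flagged:
            return path
        for dep in sorted(graph.get(path[-1], ())):
            if dep not in seen:  # also guards against dependency cycles
                seen.add(dep)
                queue.append(path + [dep])
    return None

def audit(graph):
    """Return {package: chain} for each package that is, or pulls in, a flagged one."""
    found = ((pkg, chain_to_flagged(graph, pkg)) for pkg in sorted(graph))
    return {pkg: chain for pkg, chain in found if chain}

if __name__ == "__main__":
    for pkg, chain in audit(installed_graph()).items():
        print(pkg, "->", " -> ".join(chain))
```

Run inside the virtual environment or CI image being audited; an empty result means no installed distribution is, or declares a dependency path to, one of the listed names.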


Copyright of this story solely belongs to gbhackers.