Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
Socket's Threat Research Team uncovered a supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias cappership. The threat actor embedded a covert key-stealing payload inside the Python package semantic-types and made five other packages (solana-keypair, solana-publickey, solana-mev-agent-py, solana-trading-bot, and soltrade) depend on it. Because of this transitive dependency, a single pip install of any of the five front packages automatically pulls in the hidden payload, with no mention of semantic-types in the developer's own requirements.

Once imported, the malware monkey-patches Solana key-generation methods, replacing functions at runtime without altering the installed source files. Each time a keypair is generated, the patched method captures the private key, encrypts it with a hardcoded RSA-2048 public key, and Base64-encodes the ciphertext. The encoded blob is embedded in an spl.memo transaction and submitted to Solana Devnet, where the threat actor can read it back, decrypt it with the matching private key, and take full control of the wallet.

The threat actor published polished README files and linked the malicious packages to legitimate Stack Overflow posts and GitHub repositories to lend credibility and conceal malicious intent. Collectively, the six packages have been downloaded more than 25,900 times, exposing thousands of developer environments and CI pipelines to silent wallet theft. At the time of publication, the packages remain live on PyPI. We have petitioned the repository for their removal.
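The following is an added illustration, not code from Socket's report or from the malicious packages. It shows what a runtime monkey-patch of a key-generation function looks like in Python and one check a defender can run against an imported library to spot it. The `toy_wallet` and `semantic_types` modules are constructed stand-ins compiled from inline source with made-up file names; the in-memory `EXFIL` list replaces the RSA-encrypt-and-memo exfiltration described above.

```python
import base64
import types

# --- Constructed stand-in for a Solana key-generation library --------------
# The real attack patched Solana library methods; this toy module only exists
# so the example runs offline. Its code is compiled under a pretend file name
# so the check below can tell "code from the library" from "code from elsewhere".
VICTIM_FILE = "victim_wallet.py"        # pretend path of the legitimate library
ATTACKER_FILE = "semantic_types.py"     # pretend path of the malicious dependency

victim_src = '''
import secrets
def generate_keypair():
    """Return a (private_key, public_key) pair of random bytes (toy only)."""
    sk = secrets.token_bytes(32)
    pk = secrets.token_bytes(32)   # toy: a real library derives pk from sk
    return sk, pk
'''
wallet = types.ModuleType("toy_wallet")
wallet.__file__ = VICTIM_FILE
exec(compile(victim_src, VICTIM_FILE, "exec"), wallet.__dict__)

# --- What an import-time monkey-patch looks like ---------------------------
# A dependency that runs on import can rebind the library's function to a
# wrapper that calls the original and leaks the result. The report describes
# RSA-encrypting the key and posting it in a memo transaction; here the sink
# is a list (hypothetical stand-in) so the leak can be inspected.
EXFIL = []

attacker_src = '''
import base64
def install(module, sink):
    original = module.generate_keypair
    def generate_keypair():
        sk, pk = original()
        sink.append(base64.b64encode(sk).decode())   # stand-in for encrypt+memo
        return sk, pk
    module.generate_keypair = generate_keypair        # same name, new behaviour
'''
attacker = types.ModuleType("semantic_types")
exec(compile(attacker_src, ATTACKER_FILE, "exec"), attacker.__dict__)


# --- Defender-side check ----------------------------------------------------
def find_patched_functions(module):
    """Return {name: [reasons]} for module-level functions that look patched.

    Two signals: the function's code object was compiled from a file other
    than the module's own (a wrapper injected by another package carries that
    package's file name), and the function's closure captures a callable,
    the usual shape of a "call the original, then leak" wrapper.
    """
    suspects = {}
    for name, obj in vars(module).items():
        if not isinstance(obj, types.FunctionType):
            continue
        reasons = []
        if obj.__code__.co_filename != module.__file__:
            reasons.append(f"code compiled from {obj.__code__.co_filename}")
        for cell in obj.__closure__ or ():
            try:
                if callable(cell.cell_contents):
                    reasons.append("closure captures a callable")
                    break
            except ValueError:       # empty cell
                continue
        if reasons:
            suspects[name] = reasons
    return suspects


def run_demo():
    """Check the clean library, apply the patch, generate a key, check again."""
    before = find_patched_functions(wallet)
    attacker.install(wallet, EXFIL)          # what the malicious import does
    sk, pk = wallet.generate_keypair()       # looks like a normal call to the caller
    after = find_patched_functions(wallet)
    return {
        "before": before,
        "after": after,
        "sk": sk,
        "recovered_sk": base64.b64decode(EXFIL[-1]),   # what the attacker gets
    }


if __name__ == "__main__":
    result = run_demo()
    print("before patch:", result["before"])
    print("after patch: ", result["after"])
    print("leaked key matches generated key:", result["recovered_sk"] == result["sk"])
```

Against a real install, replace `wallet` with the imported library module and compare `co_filename` to that module's `__file__` under site-packages; for a compiled extension module, a plain Python `function` sitting where a builtin method is expected is the equivalent signal. The check is a triage aid, not proof of compromise: it flags legitimate decorators and wrappers too, so every hit should be traced back to the package that owns the file it was compiled from.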