A poisoned release of LiteLLM, a popular AI tool, was published to PyPI on March 24th, turning routine Python installs into a crypto-aware secret stealer. An attacker gained access to a maintainer account to publish malicious versions 1.82.7 and 1.82.8. Version 1.82.8 was particularly dangerous, executing compromised code automatically upon Python startup without direct import, affecting over 32,000 downloads in 46 minutes. The malware specifically targeted Bitcoin wallet configuration files, Ethereum keystore directories, and Solana configuration files, including validator key pairs crucial for operations. It also harvested SSH keys, environment variables, and cloud credentials from platforms like AWS. This incident highlights a significant risk for crypto teams, as the collected data could enable wallet drains, malicious contract deployments, or signer compromises.

A poisoned release of LiteLLM, a popular AI tool, was published to PyPI on March 24th, turning routine Python installs into a crypto-aware secret stealer. An attacker gained access to a maintainer account to publish malicious versions 1.82.7 and 1.82.8. Version 1.82.8 was particularly dangerous, executing compromised code automatically upon Python startup without direct import, affecting over 32,000 downloads in 46 minutes. The malware specifically targeted Bitcoin wallet configuration files, Ethereum keystore directories, and Solana configuration files, including validator key pairs crucial for operations. It also harvested SSH keys, environment variables, and cloud credentials from platforms like AWS. This incident highlights a significant risk for crypto teams, as the collected data could enable wallet drains, malicious contract deployments, or signer compromises.