Malicious PyPI Package Steals Solana Wallet Private Keys via Supply Chain Attack

A significant supply chain attack has been uncovered in the Python Package Index (PyPI), placing thousands of Solana developers at risk through a malicious campaign orchestrated by a threat actor known as “cappership.”

The attack revolves around the seemingly benign package semantic-types, which, since late January 2025, has contained covert malware engineered to exfiltrate private keys from Solana wallets during software development and automated build processes.

Attackers Use Python Package Index

The attackers published five additional PyPI packages (solana-keypair, solana-publickey, solana-mev-agent-py, solana-trading-bot, and soltrade) designed to depend transitively on semantic-types.

[Figure: the solana-mev-agent-py malicious package]

This dependency structure guaranteed that installing or updating any of the Solana-related packages also pulled in semantic-types, so its hidden payload ran whenever those packages were used, even though developers never imported semantic-types directly in their own code.

The core of the attack exploits Python’s dynamic nature through a technique called “monkey patching”: replacing attributes of an already-imported module or class at runtime, so that callers keep using the familiar name while the code behind it has changed.

Upon import, semantic-types replaces several keypair-construction methods in the solders library, notably Keypair.from_seed(), Keypair.from_bytes(), and Keypair.from_base58_string(), with wrappers of its own.

[Figure: the semantic-types package]

The patched functions silently capture every private key created, encrypt it using a hardcoded RSA-2048 public key, and encode the ciphertext in Base64.

The exfiltrated data is then embedded in an spl.memo transaction and broadcast to the Solana Devnet, a public ledger on which anyone can see the ciphertext but only the attacker, holding the matching RSA private key, can recover the secrets.

This lets the theft masquerade as routine blockchain activity: the traffic goes to a public Solana RPC endpoint that a Solana project is expected to talk to anyway, so most intrusion detection and network monitoring tools have no reason to flag it.
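As an added illustration (not code from the report or from the malicious package), the following stand-alone Python shows both sides of the technique described above: how a wrapper installed over a keypair constructor copies every secret aside while handing the caller a perfectly normal object, and a check that flags such wrappers by asking where each method's code actually comes from. Because solders is a compiled extension, it is replaced here by a constructed pure-Python stand-in registered as solders.keypair under an assumed site-packages path; the hook, the stand-in class and the in-memory `captured` list are all assumptions made for the example.

```python
"""Monkey-patching a keypair constructor, and detecting that it happened.

Added example. The victim is a constructed stand-in for solders.keypair.Keypair,
built as a fake module so that its code appears to come from a site-packages
path. The hook mirrors the technique: wrap the constructor, return an ordinary
Keypair to the caller, and copy the secret somewhere the attacker can read it.
"""
import sys
import types

VICTIM_FILE = "/fake/site-packages/solders/keypair.py"  # assumed path
VICTIM_SRC = '''
class Keypair:
    def __init__(self, secret):
        self._secret = bytes(secret)
    @classmethod
    def from_seed(cls, seed):
        return cls(seed)
    @classmethod
    def from_bytes(cls, raw):
        return cls(raw[:32])
    def secret(self):
        return self._secret
'''


def build_victim_module():
    """Create a fresh stand-in 'solders.keypair' module and return its Keypair."""
    mod = types.ModuleType("solders.keypair")
    mod.__file__ = VICTIM_FILE
    exec(compile(VICTIM_SRC, VICTIM_FILE, "exec"), mod.__dict__)
    sys.modules[mod.__name__] = mod
    return mod.Keypair


captured: list[bytes] = []  # stand-in for the attacker's exfiltration channel


def install_hook(cls, name):
    """Attacker-style patch: replace cls.<name> with a wrapper that leaks the secret."""
    original = getattr(cls, name)  # bound classmethod of the genuine class

    def hooked(_klass, *args, **kwargs):
        kp = original(*args, **kwargs)  # behaviour is unchanged for the caller...
        captured.append(kp.secret())    # ...but every key produced is copied aside
        return kp

    setattr(cls, name, classmethod(hooked))


def audit_methods(cls):
    """Return {attribute: reason} for methods whose code is not the class's own.

    A pure-Python function whose code object lives outside the defining module's
    file, or that carries functools.wraps' __wrapped__ marker, was installed from
    elsewhere. For a compiled extension such as solders the genuine methods are
    not FunctionType at all, so on a real install *any* FunctionType is a finding.
    """
    owner_file = getattr(sys.modules.get(cls.__module__), "__file__", None)
    findings = {}
    for name, attr in vars(cls).items():
        fn = attr.__func__ if isinstance(attr, (classmethod, staticmethod)) else attr
        if not isinstance(fn, types.FunctionType):
            continue
        if hasattr(fn, "__wrapped__"):
            findings[name] = "wrapped function (functools.wraps) replaced the original"
        elif fn.__code__.co_filename != owner_file:
            findings[name] = f"code loaded from {fn.__code__.co_filename}"
    return findings


def demo():
    """Audit a clean class, patch it the way the malware does, audit again."""
    Keypair = build_victim_module()
    before = audit_methods(Keypair)
    install_hook(Keypair, "from_seed")
    kp = Keypair.from_seed(bytes(range(32)))  # constructed seed, not a real key
    after = audit_methods(Keypair)
    return before, after, kp.secret() in captured


if __name__ == "__main__":
    before, after, leaked = demo()
    print("clean class:", before)
    print("after patch:", after)
    print("secret leaked:", leaked)
```

Run the audit after importing the project's dependencies, not before, since the patch is applied at import time. On a real installation the result is easy to interpret: solders' genuine methods are implemented in Rust and never appear as Python function objects, so any `FunctionType` found in `vars(Keypair)` means something rewrote the class.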

Covert Monkey-Patching

To enhance credibility and evade suspicion, the attacker published detailed and professional-looking documentation for the malicious packages, linking to legitimate Stack Overflow posts, GitHub repositories, and official Solana documentation.

These efforts, combined with the use of package names that closely mimic trusted Solana tools, enabled the malware to gain traction rapidly.

Collectively, the six packages have been downloaded over 25,900 times, exposing thousands of individual developer machines and continuous integration (CI) pipelines to compromise.

The attack timeline reveals a methodical approach: initial benign versions of the packages were published in December 2024, establishing trust within the community.

The malicious payload was introduced on January 26, 2025, with subsequent updates ensuring maximal reach, particularly among developers and organizations that update dependencies automatically or rely on loosely pinned version ranges.

According to the report, security researchers emphasize the sophistication of this campaign. By leveraging transitive dependencies and a blockchain-based exfiltration channel, the attacker established a stealthy and persistent threat capable of evading standard security controls.

The abuse of the PyPI ecosystem, trusted by much of the open-source Python community, demonstrates the pressing need for vigilant dependency scrutiny and runtime monitoring, especially in blockchain and cryptocurrency projects where a private key compromise translates directly into financial loss.

Given the scope of this supply chain compromise, all developers who installed or updated any of the six affected packages after January 26, 2025, are strongly advised to consider all Solana private keys on impacted systems as compromised.

Organizations must review dependency lists, purge the tainted packages from artifact caches (pip caches, internal mirrors and CI images included), and rotate any credentials or keys that may have been exposed.

Security teams are urged to perform deep dependency analyses, enforce stricter CI/CD controls such as pinned and hash-verified requirements, and monitor for unusual activity at package import time, such as cryptographic operations, spawned threads or outbound connections from packages that have no reason to perform them.

Indicators of Compromise (IOC)

Type                          Indicator
Malicious packages            semantic-types, solana-keypair, solana-publickey, solana-mev-agent-py, solana-trading-bot, soltrade
Threat actor alias            cappership
Threat actor email            cappership@proton[.]me
Solana public key             D782zqWjgSvy4hQoqzY1ySrGrotnXm1suJeXFur8sAko
RSA public key fingerprint    5a4d8480c9d1e82ba102f200258882fb9e694e8fc0343b6982c5540beccdca62
Encryption public key         [RSA-2048 PEM, see full IOC source for details]
MITRE ATT&CK techniques       T1195.002 (Compromise Software Supply Chain), T1036.005 (Match Legitimate Name or Location), T1573.002 (Asymmetric Cryptography), T1059.006 (Python), T1608.001 (Upload Malware), T1119 (Automated Collection), T1657 (Financial Theft)


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
