TrapDoor attack targets Solana, Sui and Aptos wallet data via dev packages

Security researchers at Socket have uncovered a supply-chain attack dubbed TrapDoor that targets developers working on the Solana, Sui and Aptos blockchain ecosystems. The campaign has spread more than 34 malicious packages across three major open-source programming registries, with hundreds of related versions and artifacts.

The attack is designed to steal wallet files, cloud credentials and production access keys from developers who unknowingly install the compromised packages. By focusing on developers rather than end users, the attackers aim to gain access to sensitive data that could lead to larger-scale theft of crypto assets. The TrapDoor campaign highlights a growing trend where threat actors use supply-chain infiltration to target high-value individuals within crypto development teams. For traders and investors, this underscores the importance of security practices in the projects they follow; compromised developer environments can lead to protocol exploits or fund losses. Users can check NowPrice's crypto page for real-time price data on affected tokens.

Moving forward, the crypto community should monitor for any suspicious activity related to the identified packages and verify the integrity of dependencies in their development pipelines. Socket has published a detailed report on the malicious packages, and developers are advised to audit their dependencies immediately. The incident serves as a reminder that security risks in the crypto space extend beyond smart contract vulnerabilities to include the software supply chain itself.