Bitcoinlib Targeted by Malicious Python Packages
Security researchers have uncovered a supply chain attack targeting users of the `bitcoinlib` Python library. Malicious packages were uploaded to PyPI, disguised as fixes, with the aim of stealing database files and compromising cryptocurrency wallets.
The malicious packages, `bitcoinlibdbfix` and `bitcoinlib-dev`, were promoted as solutions for user-encountered errors. The code overwrites a legitimate command-line interface command to exfiltrate sensitive database files containing private keys and seed phrases.
Security firm ReversingLabs detected the threat, and both packages have been removed from PyPI. This incident highlights the growing threat of supply chain attacks in the cryptocurrency ecosystem and emphasizes the need for developers to verify third-party libraries and implement robust security practices.


Cryptovka
Bitcoinlib Targeted by Malicious Python Packages Draining Wallets
Security researchers have uncovered a supply chain attack targeting users of a popular Python library for Bitcoin, `bitcoinlib`....


















