# “TrapDoor” Supply-Chain Attack Targets Solana, Sui, and Aptos Wallets — 34+ Malicious Packages Found
Security researchers have uncovered a sophisticated supply-chain attack campaign dubbed “TrapDoor” that planted more than 34 malicious software packages across three major open-source registries, specifically targeting developers working with Solana, Sui, and Aptos blockchain ecosystems.
The campaign, identified by cybersecurity firm Socket, distributed malicious packages across npm, PyPI, and Crates.io — the primary package registries for JavaScript, Python, and Rust respectively. The packages were designed to steal wallet files, SSH keys, GitHub tokens, cloud credentials, and browser data from the machines of crypto and blockchain developers.
## How the TrapDoor Attack Works
The attackers disguised their malicious code as legitimate-looking developer utilities, including names like “wallet-security-checker,” “defi-risk-scanner,” “solidity-build-guard,” “move-compiler-tools,” and “llm-context-compressor.” These seemingly harmless tools were programmed to install backdoors and exfiltrate sensitive data once downloaded.
The attack was multi-layered, with different payloads depending on the package registry:
**npm packages (JavaScript):** The malware searched infected machines for private keys, passwords, GitHub tokens, and cloud login credentials. It tested stolen credentials in real-time and used SSH keys to move laterally into other systems.
**Crates.io packages (Rust):** Malicious `build.rs` scripts executed during the Rust compilation process, specifically targeting developers working with Sui and Move programming languages.
**PyPI packages (Python):** Remote JavaScript executed automatically on import, allowing the attackers to run arbitrary code without the developer’s knowledge.
## AI Coding Tools Exploited in Novel Way
A particularly innovative aspect of the TrapDoor campaign involved exploiting AI-assisted development tools. The attackers planted hidden instructions using zero-width Unicode characters within `.cursorrules` and `claude.md` files — configuration files that provide project-specific instructions to AI coding assistants like Cursor and Claude Code.
“[The attackers] planted hidden instructions using zero-width Unicode characters, apparently trying to make future AI assistant sessions run fake ‘security scans’ that collected and exfiltrated secrets,” Socket’s researchers reported.
This technique effectively weaponizes the very tools developers trust to write secure code, turning AI assistants into unwitting accomplices in the data exfiltration process.
## Targeted Ecosystems: Solana, Sui, Aptos, and Beyond
The campaign specifically targeted developers working on:
– **Solana** — via Rust and JavaScript packages
– **Sui** — via Move compiler tools and Rust build scripts
– **Aptos** — targeted alongside Sui through shared tooling packages
– **DeFi protocols** — through Solidity and security scanner packages
– **AI/LLM development** — through context compressor and prompt tools
Socket warned that the attackers opened pull requests to legitimate AI and developer projects on GitHub, attempting to add malicious `.cursorrules` and `CLAUDE.md` files through normal open-source contribution channels.
## Industry Implications
“Supply-chain attacks are built not to catch random retail users but developers — those are the very people who may have wallet files, SSH keys, GitHub tokens, cloud credentials and production access on the same machine they use to build crypto and AI tools,” Socket noted.
The attack highlights the growing sophistication of crypto-theft campaigns, which have evolved from phishing links and fake airdrops to highly targeted operations that compromise the developer supply chain. For blockchain projects, the stakes are particularly high — a compromised developer workstation can lead to protocol-level exploits, stolen private keys, and drained treasuries.
Socket said it has reported the packages to the affected registries and classified them as malicious. The company urged developers to audit their dependencies, review any recently installed developer tools, and check for suspicious `.cursorrules` or `CLAUDE.md` files that may have been added through pull requests.
## Prevention Measures for Developers
– Audit all recently installed npm, PyPI, and Crates.io packages
– Review `.cursorrules` and `CLAUDE.md` files for hidden Unicode characters
– Use separate machines or containers for development work involving private keys
– Enable multi-factor authentication on all GitHub, cloud, and exchange accounts
– Regularly rotate SSH keys and API tokens
– Consider using dependency scanning tools to flag suspicious packages
## FAQ
**What is a supply-chain attack in crypto?**
A supply-chain attack targets the software development process itself by injecting malicious code into trusted tools and libraries that developers use. In crypto, this can lead to stolen wallet keys, compromised smart contracts, and drained protocol treasuries.
**How can I check if I’m affected by TrapDoor?**
Review your project’s dependencies for any of the named malicious packages (wallet-security-checker, defi-risk-scanner, solidity-build-guard, move-compiler-tools, llm-context-compressor). Check recently modified `.cursorrules` or `CLAUDE.md` files for hidden zero-width characters.
**Were any user funds stolen in the TrapDoor attack?**
Socket did not identify specific victims or quantify stolen funds. The campaign appears to have been designed for persistent access and data collection rather than immediate theft, meaning the full impact may take time to surface.
—
*Sources: CoinDesk, Socket Security Research*
