Rogue PyPI Library Targets Solana Users, Steals Blockchain Wallet Keys: A New Supply Chain Threat

Germano Costi
Cybersecurity and IOT


Researchers have uncovered a malicious package on the Python Package Index (PyPI) that targets users of the Solana blockchain platform. The rogue library, published under the name “solana-py”, is designed to steal sensitive information, including blockchain wallet keys.

The discovery highlights the growing risks associated with supply chain attacks in the software development ecosystem. In this article, we’ll explore how this attack unfolded, the implications for developers and users, and what steps can be taken to mitigate such threats.

The Discovery: A Rogue Package Masquerading as Solana

Cybersecurity researchers from Sonatype recently uncovered a malicious package on PyPI that pretended to be a legitimate Solana library. The legitimate Solana Python API project is named “solana-py” on GitHub, but it is published on PyPI simply as “solana” (installed with pip install solana).

The threat actor exploited this naming discrepancy by publishing a fake “solana-py” package on PyPI. A developer who knew the project by its GitHub name and installed “solana-py” received the malicious package instead of the real library, which is exactly how users were deceived into downloading it.
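The naming gap described above is easy to check for before a dependency is ever installed. The script below is an added example written for this article, not code from Sonatype or from the solana-py project: it audits a requirements file against an allowlist of canonical PyPI names and flags requested names that are either a decorated variant of a known package (an added “-py”, “python-”, “lib” and similar affixes, the trick used here) or a near-miss typosquat. The KNOWN_PACKAGES allowlist, the AFFIXES list, the similarity threshold and the sample requirements file are all assumptions constructed for the demonstration.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist for this example: the canonical PyPI names of the
# packages a project actually depends on. "solana" is the real PyPI name of
# the Solana Python API, whose GitHub repository is called solana-py.
KNOWN_PACKAGES = {"solana", "solders", "requests"}

# Decorations that brandjacked packages commonly bolt onto a real name.
# Longer affixes come first so "python-" is tried before "py".
AFFIXES = ("python", "py", "lib", "sdk", "api")

# Assumed threshold for the near-miss (typosquat) check.
NEAR_MISS_RATIO = 0.85


def normalize(name):
    """PEP 503 normalisation: lower-case and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def affix_variants(name):
    """Yield the cores left after stripping one leading or trailing affix from a normalised name."""
    for affix in AFFIXES:
        for prefix in (affix + "-", affix):
            if name.startswith(prefix) and len(name) > len(prefix):
                yield name[len(prefix):]
        for suffix in ("-" + affix, affix):
            if name.endswith(suffix) and len(name) > len(suffix):
                yield name[: -len(suffix)]


def classify(requested):
    """Return (verdict, canonical_name, reason) for a requested package name.

    verdict is 'ok' for an allowlisted name, 'suspicious' for a decorated
    variant or near-miss of an allowlisted name, and 'unknown' otherwise.
    """
    name = normalize(requested)
    if name in KNOWN_PACKAGES:
        return ("ok", name, "")
    # Decorated variant: the attacker's "solana-py" strips down to "solana".
    for core in affix_variants(name):
        if core in KNOWN_PACKAGES:
            return ("suspicious", core, f"{name!r} looks like a decorated variant of {core!r}")
    # Near-miss: one or two characters away from a known name (classic typosquat).
    for known in sorted(KNOWN_PACKAGES):
        if SequenceMatcher(None, name, known).ratio() >= NEAR_MISS_RATIO:
            return ("suspicious", known, f"{name!r} is a near-miss of {known!r}")
    return ("unknown", name, "not in the allowlist")


def audit_requirements(text):
    """Scan requirements-file text; return (requested, verdict, canonical, reason) for every non-ok line."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        match = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)  # name before any version spec
        if not match:
            continue
        verdict, canonical, reason = classify(match.group(1))
        if verdict != "ok":
            findings.append((match.group(1), verdict, canonical, reason))
    return findings


# Constructed sample input: a requirements file that pulls in the rogue name.
SAMPLE_REQUIREMENTS = """\
# constructed example requirements file
solana-py==0.34.0
solders>=0.21
requests
solanna
python-requests
"""

if __name__ == "__main__":
    for requested, verdict, canonical, reason in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{verdict.upper():10} {requested:20} -> {canonical:10} {reason}")
```

Run it as a pre-install gate in CI (for example, fail the build when any finding has the verdict “suspicious”); the check is deliberately conservative, so an “unknown” verdict means only that the name is not on the allowlist and needs a human look, not that it is malicious.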
