The information provided on EL7.AI is for educational and informational purposes only and does not constitute financial advice.

CryptoUpdated×2•Originally published 25 May 2026•Updated 25 May 2026•

1 min read

TrapDoor Malware Targets Crypto Developers and AI Coding Tools

Key Facts

1Socket discovered a malicious package campaign named TrapDoor targeting crypto development tool packages.

2The malware injects hidden instructions to hijack popular AI coding assistants.

Amid the rising integration of AI in software engineering, Socket has identified a sophisticated malware campaign named TrapDoor targeting cryptocurrency development tool packages. The malware injects hidden instructions designed to hijack popular AI-powered coding assistants during the development process. According to reports, these supply chain attacks aim to compromise the software build environment to facilitate the theft of digital assets.

This security breach occurs at a critical time for the tech sector, as cybersecurity data indicates a 15% increase in supply chain attacks over the past year per Sonatype research. Experts warn that targeting tools like GitHub Copilot represents a qualitative evolution in hacking methodologies. Compared to previous incidents, embedding malicious code directly into developer workflows makes detection significantly harder than traditional end-user attacks.

10 days ago

Version History

Version 210 days ago

What changed: Added technical details regarding targeted blockchain networks and package distribution platforms.

Version 110 days ago

What changed: Added details regarding the specific affected networks and the distribution channels used in the attack.

Developers are advised to exercise caution when updating open-source packages and to monitor the behavior of their AI assistants closely. Looking at the economic calendar, these security concerns could weigh on tech sentiment ahead of key data such as the Westpac Consumer Confidence index on May 19, 2026. Monitoring security protocols within development platforms remains vital to preventing large-scale losses in the crypto sector.

Latest Updates · 2

Notable·25 May 2026 · 10:46
Update: Further investigations reveal that the TrapDoor campaign specifically focuses on Aptos, Sui, and Solana development environments. The malware is being distributed through malicious packages uploaded to major registries including npm, PyPI, and Crates.io to reach target developers.
Notable·25 May 2026 · 10:15
Update: Further investigations revealed that the attack specifically targeted developers working on the Aptos, Sui, and Solana networks. The malicious packages were distributed through major software repositories including npm, PyPI, and Crates.io, expanding the threat landscape for projects built on these chains.