TrapDoor targets crypto developers through malicious packages and AI config files

5/29/2026, 01:11 PM | Яна Усс

Crypto and AI developers have become the target of a new software supply-chain campaign called TrapDoor. According to Socket, attackers published 34+ malicious packages across npm, PyPI and Crates.io, disguising them as ordinary developer utilities, security scanners, Solidity tools, Sui/Move helpers, wallet utilities and AI prompt packages. Names such as wallet-security-checker and defi-risk-scanner were intentionally mundane, making them easier for developers to install without suspicion.

Once installed, the packages attempted to steal far more than wallet files. They targeted SSH keys, GitHub tokens, AWS credentials, environment variables, browser profiles and other sensitive configuration files. For crypto teams, that is especially dangerous: one compromised developer machine can become a bridge into repositories, cloud infrastructure and production wallets.

The most concerning part is the AI-assisted coding angle. Socket says the attackers abused files such as .cursorrules and CLAUDE.md, which are used to give project-specific instructions to AI coding tools. Hidden prompts using zero-width Unicode characters could push future AI sessions to run fake “security scans” that exfiltrate secrets. There is no confirmed list of victims or stolen funds yet. But TrapDoor shows a broader threat: attackers are no longer targeting only smart contracts — they are targeting the developer environment itself.
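A defensive check for the hidden-prompt technique described above, added here as an example and not taken from Socket's report or this article: it flags invisible Unicode format characters in .cursorrules and CLAUDE.md files before an AI coding tool reads them. The function names and the sample text are assumptions constructed for illustration.

```python
import sys
import unicodedata
from pathlib import Path

# File names taken from the article; extend for other assistants as needed.
AI_CONFIG_NAMES = {".cursorrules", "CLAUDE.md"}

def find_invisible(text):
    """Return (line, column, 'U+XXXX NAME') for each invisible format character."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            # A byte-order mark at the very start of the file is legitimate.
            if ch == "\ufeff" and lineno == 1 and col == 1:
                continue
            # Category Cf covers zero-width space/joiners, word joiner,
            # bidi controls and the Unicode "tag" block.
            if unicodedata.category(ch) == "Cf":
                name = unicodedata.name(ch, "UNNAMED")
                hits.append((lineno, col, f"U+{ord(ch):04X} {name}"))
    return hits

def scan_tree(root):
    """Map each AI config file under root to its findings (clean files omitted)."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name in AI_CONFIG_NAMES:
            hits = find_invisible(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: a visible rule with zero-width characters appended to it.
SAMPLE = "\ufeff# Project rules\nUse type hints.\u200b\u200c\u200d\u2060\nRun tests before commit.\n"

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    findings = scan_tree(root)
    for path, hits in findings.items():
        for lineno, col, desc in hits:
            print(f"{path}:{lineno}:{col}: {desc}")
    sys.exit(1 if findings else 0)
```

Run it against a checkout or an unpacked dependency; a non-zero exit code makes it usable as a pre-commit or CI gate. Zero-width joiners also occur legitimately in emoji sequences and some scripts, so a hit is a prompt for manual review of the file.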
