TrapDoor' Malware Rampant, Targeting Solana and DeFi Developers... "Trusting AI Coding Leads to Being Hacked"

▲ Cryptocurrency crime, hacking, cyber attack/AI generated image

Blockchain security firm SlowMist has warned of supply chain attacks targeting Solana (SOL), DeFi, and AI developers. Attackers are expanding their attack scope by planting malicious packages in major open-source repositories, infecting developers' personal devices, and stealing cryptocurrency wallets, cloud tokens, and access keys.

According to U.Today on May 25 (local time), SlowMist issued an urgent security alert with code SM-2026-352284. SlowMist stated that cross-registry supply chain attacks targeting Web3 and AI product developers are actively underway.

Hackers injected over 34 malicious packages and 384 related versions into large repositories such as npm, PyPI, and Crates.io. The targets are developers in the Solana, DeFi, and AI ecosystems. U.Today reported that attackers have shifted tactics from directly targeting secure servers to discreetly taking control of developers' personal devices.

This incident is an additional warning following 28 hacking incidents in the DeFi sector in April, resulting in $635 million in losses. While the scale of direct smart contract attacks decreased in May, SlowMist's observational data shows that attackers are shifting their tactics towards targeting developer devices and open-source supply chains.

According to SlowMist's analysis, TrapDoor is designed to take over an entire developer workstation. This malware steals not only cryptocurrency wallets but also cloud tokens and access keys, such as AWS and GitHub credentials, and sends them to attacker-controlled addresses.

TrapDoor directly writes itself into AI assistant configuration files, .cursorrules and CLAUDE.md, to remain hidden within the system. It also hides within Git hooks and automated scripts, and within repositories, it masquerades as AI plugins and build utilities for Sui and Move.

This attack, coupled with the spread of vibe coding, increases the risk. This is because AI agents can automatically download malicious code when developers assemble projects with prompts and inadvertently link dozens of nested libraries. The direct access of smart editors to local configuration files was also identified as a vulnerability for infection spread.

SlowMist urged immediate action from potentially infected teams. Developers must remove affected packages, isolate infected systems, preserve logs, then proceed with AI configuration checks, complete credential replacement, and development environment reconstruction. They should directly check .cursorrules and CLAUDE.md files for third-party directives or abnormal commands, and all cryptographic keys, cloud tokens, and GitHub secrets must be revoked and reissued.

*Disclaimer: This article is for investment reference only, and we are not responsible for any investment losses based on it. The content should be interpreted for informational purposes only.*