TrapDoor Malware Targets Solana, Sui and Aptos Developers
A malware campaign named TrapDoor is targeting developers in the crypto, DeFi, and AI fields, especially those working with Solana, Sui, and Aptos. Since May 22, 2026, more than 34 malicious packages, with a total of 384 versions, have been found on npm, PyPI, and Crates.io. The packages are designed to steal sensitive data such as wallet files and developer credentials. Rather than attacking blockchains directly, TrapDoor poses as genuine tooling, including security scanners and AI applications. The malware runs at install time on npm, at import time on PyPI, and at compile time on Crates.io. It also targets AI coding assistants by modifying their configuration files with hidden commands. Although some pull requests to popular open-source projects were swiftly rejected, developers are still advised to review their dependencies from May 19 to 22 and change any potentially compromised credentials. As of May 31, 2026, no direct financial losses or breaches have been reported for Solana, Sui, or Aptos, but the threat level remains high.
Key facts
- TrapDoor malware campaign targets developers in crypto, DeFi, and AI ecosystems.
- Over 34 malicious packages with 384 versions/artifacts distributed since May 22, 2026.
- Packages found on npm, PyPI, and Crates.io.
- First confirmed package: eth-security-auditor@0.1.0 on PyPI on May 22, 2026 at 20:20:18 UTC.
- Malware steals wallet files, developer credentials, and secrets.
- TrapDoor modifies AI configuration files like .cursorrules and CLAUDE.md.
- Attackers attempted pull requests to LangChain, Langflow, browser-use, llama_index, MetaGPT, and OpenHands.
- No confirmed financial losses or protocol compromises as of May 31, 2026.
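For the dependency review advised above, this added Python script (not code from the campaign reporting or from any project named here) lists the execution points the summary describes so they can be inspected by hand: npm install-time lifecycle scripts, Cargo `build.rs` build scripts, and invisible characters in `.cursorrules` and `CLAUDE.md`. It assumes hidden commands rely on invisible Unicode code points, does not cover PyPI import-time code (which needs source review), and runs on a constructed sample tree whose package names are hypothetical.

```python
import json
import tempfile
from pathlib import Path

NPM_HOOKS = ("preinstall", "install", "postinstall")  # npm scripts that run at install time
AI_FILES = {".cursorrules", "CLAUDE.md"}  # assistant instruction files named above
# Assumption: hidden text relies on invisible, bidi-control or Unicode tag code points.
INVISIBLE = ({0xFEFF} | set(range(0x200B, 0x2010)) | set(range(0x202A, 0x202F))
             | set(range(0x2066, 0x206A)) | set(range(0xE0000, 0xE0080)))

def audit_tree(root):
    """Return sorted (kind, relative_path, detail) findings for manual review."""
    root, findings = Path(root), []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name == "package.json":
            try:
                data = json.loads(path.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue  # unreadable or malformed manifest: nothing to report here
            scripts = data.get("scripts") if isinstance(data, dict) else None
            for hook in NPM_HOOKS:
                if isinstance(scripts, dict) and hook in scripts:
                    findings.append(("npm-install-hook", rel, f"{hook}: {scripts[hook]}"))
        elif path.name == "build.rs":
            findings.append(("cargo-build-script", rel, "runs during compilation"))
        elif path.name in AI_FILES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = sorted({f"U+{ord(c):04X}" for c in text if ord(c) in INVISIBLE})
            if hits:
                findings.append(("ai-config-invisible-chars", rel, ", ".join(hits)))
    return sorted(findings)

def build_sample(root):
    """Write a constructed project tree; all package names are hypothetical."""
    root = Path(root)
    for sub in ("node_modules/example-scanner", "node_modules/example-lib", "vendor/example-crate"):
        (root / sub).mkdir(parents=True)
    hook = {"name": "example-scanner", "scripts": {"postinstall": "node setup.js"}}
    (root / "node_modules/example-scanner/package.json").write_text(json.dumps(hook))
    (root / "node_modules/example-lib/package.json").write_text('{"scripts": {"test": "jest"}}')
    (root / "vendor/example-crate/build.rs").write_text("fn main() {}\n")
    (root / "CLAUDE.md").write_text("Run the tests first.\u200b\u200b\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_tree(tmp):
            print(*finding, sep=" | ")
```

A finding is a prompt to read the referenced script or file, not a verdict: many legitimate packages ship install hooks and build scripts.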
Entities
Institutions
- Socket Security
- Cloud Security Alliance
- npm
- PyPI
- Crates.io
- Solana
- Sui
- Aptos
- LangChain
- Langflow
- browser-use
- llama_index
- MetaGPT
- OpenHands
- Cursor
- Claude Code
- NFT Plazas