Security firm Socket says it has identified a coordinated software supply-chain campaign called TrapDoor that spread through malicious packages on npm, PyPI, and Crates.io.

The campaign is aimed at developers in crypto, DeFi, Solana, AI, and related security tooling communities. Socket says the packages were built to collect developer secrets, including SSH keys, GitHub tokens, AWS credentials, browser data, environment variables, and wallet data tied to Sui, Solana, and Aptos. CoinDesk separately reported the campaign Friday, framing it as a direct threat to programmers with wallet keys and production credentials on local machines.

Socket traced the earliest observed package to eth-security-auditor@0.1.0 on PyPI, uploaded on May 22 at 20:20:18 UTC. The broader set spans at least 34 malicious packages and more than 384 related versions or artifacts, with package names that mimic wallet safety checks, Solidity tooling, AI prompt helpers, and Move or Sui build utilities.

The technical paths differ by ecosystem. The npm packages use postinstall hooks and a shared trap-core.js payload. PyPI packages execute remote JavaScript when imported. Rust packages on Crates.io abuse build.rs, which can run during compilation, to search for and exfiltrate local keystores.
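The npm path described above can be checked for on a developer machine. The following is an added example written for this page, not code from Socket, CoinDesk or any project: it walks an installed node_modules tree and flags the traits the article names (install-time lifecycle scripts, a bundled trap-core.js, and AI instruction files such as .cursorrules or CLAUDE.md shipped inside a dependency). The package name wallet-safety-check in the sample tree is constructed for illustration and is not an identified malicious package.

```python
import json
import tempfile
from pathlib import Path

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
SUSPECT_FILES = {"trap-core.js"}            # file name taken from the article
AI_INSTRUCTION_FILES = {".cursorrules", "CLAUDE.md"}  # named in the article


def audit_package(pkg_dir: Path) -> list[str]:
    """Return findings for one installed package directory (empty list if clean)."""
    findings = []
    manifest = pkg_dir / "package.json"
    if not manifest.is_file():
        return findings
    try:
        scripts = json.loads(manifest.read_text()).get("scripts") or {}
    except (json.JSONDecodeError, UnicodeDecodeError):
        return [f"{pkg_dir.name}: unreadable package.json"]
    for hook in LIFECYCLE_HOOKS:  # any of these runs automatically on install
        if hook in scripts:
            findings.append(f"{pkg_dir.name}: runs {hook} at install time: {scripts[hook]}")
    for path in pkg_dir.rglob("*"):
        if path.name in SUSPECT_FILES:
            findings.append(f"{pkg_dir.name}: bundles {path.relative_to(pkg_dir)}")
        elif path.name in AI_INSTRUCTION_FILES:
            findings.append(f"{pkg_dir.name}: ships AI instruction file {path.relative_to(pkg_dir)}")
    return findings


def audit_node_modules(root: Path) -> list[str]:
    """Audit every package under node_modules, including @scope/name packages."""
    findings = []
    for entry in sorted(p for p in root.iterdir() if p.is_dir()):
        members = sorted(entry.iterdir()) if entry.name.startswith("@") else [entry]
        for pkg in members:
            findings += audit_package(pkg)
    return findings


def run_sample_audit() -> list[str]:
    """Build a constructed node_modules (one benign, one suspicious package) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "node_modules"
        (root / "left-pad").mkdir(parents=True)
        (root / "left-pad" / "package.json").write_text(json.dumps({"scripts": {"test": "node test.js"}}))
        bad = root / "wallet-safety-check"  # constructed name for the sample
        bad.mkdir()
        (bad / "package.json").write_text(json.dumps({"scripts": {"postinstall": "node trap-core.js"}}))
        (bad / "trap-core.js").write_text("// constructed placeholder, no payload\n")
        (bad / ".cursorrules").write_text("# constructed placeholder\n")
        return audit_node_modules(root)
```

Running the same audit over a real node_modules before first use of a freshly installed dependency surfaces the install-time hook without executing it.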

The unusual part is the AI angle. Socket says TrapDoor also tried to plant hidden instructions in files such as .cursorrules and CLAUDE.md, apparently to steer future AI coding sessions toward fake security scans that expose more secrets. That makes this less a consumer-wallet scam than a developer workstation compromise attempt.