Same name, different hack: PyPI package targets Solana developers

The ReversingLabs research team has written about the surge in recent years in software supply chain attacks that target cryptocurrency. RL’s 2025 Software Supply Chain Security Report documented 23 distinct malicious supply chain campaigns targeting cryptocurrency applications and infrastructure in 2024 alone. 

That trend continues. So far in 2025, RL researchers have discovered a number of new campaigns that appear to target cryptocurrency assets. In April, for example, RL researcher Lucija Valentić wrote about the discovery of an npm package, pdf-to-office, that injected malicious code into legitimate, locally installed files to steal funds stored in Atomic Wallet and Exodus crypto wallets.

The research team’s latest discovery involves a malicious PyPI open source package that poses as an application for the Solana blockchain: solana-token. When installed, the malicious package attempts to exfiltrate source code and developer secrets from the developer’s machine to a hard-coded IP address.

Here’s what RL researchers found — and how organizations should respond to address the growing number of supply chain threats targeting cryptocurrency projects. 

The post Same name, different hack: PyPI package targets Solana developers appeared first on Security Boulevard.

13 May 2025
