"These PyPI Python Packages Can Drain Your Crypto Wallets"

Researchers have discovered seven packages on the Python Package Index (PyPI) repository designed to steal BIP39 mnemonic phrases, which are used to recover the private keys of cryptocurrency wallets. ReversingLabs has codenamed the software supply chain attack campaign "BIPClip." The packages were downloaded 7,451 times before being removed from PyPI. BIPClip, aimed at developers working on projects related to generating and securing cryptocurrency wallets, is said to have been in operation since at least December 4, 2022. Security researcher Karlo Zanki emphasizes that this new campaign confirms cryptocurrency remains one of the most popular targets for supply chain threat actors. This article continues to discuss researchers' findings regarding the BIPClip campaign.

THN reports "These PyPI Python Packages Can Drain Your Crypto Wallets"

Submitted by grigby1

Submitted by Gregory Rigby on