Industry Newsllmpypisupply chaincrypto security
LiteLLM Distributes Malware Stealing Crypto Secrets
|
8.7
On Mar. 24 an attacker used a compromised maintainer account to publish two malicious LiteLLM releases (1.82.7 and 1.82.8) to PyPI, with 1.82.8 planting a .pth that executed at every Python startup. The payload exfiltrated crypto wallets, Solana validator keys, SSH/cloud credentials, and Kubernetes secrets across 46,996 downloads in 46 minutes; PyPI quarantined the builds and LiteLLM removed them.
Scoring Rationale
High immediacy and confirmed exfiltration across PyPI, but impact concentrates on Python developer and crypto ecosystems rather than universal infrastructure.
Practice with real FinTech & Trading data
90 SQL & Python problems · 15 industry datasets
Used by DS/ML engineers at top companies
Active Verified Users by Income TierEasyTechnology Stocks with High BetaMediumPortfolio Performance ScorecardHard
250 free problems · No credit card
See all FinTech & Trading problems
