BlockBeats News, May 25th, according to the security company Socket Security, a cryptocurrency theft activity named TrapDoor is conducting a supply chain attack in package repositories such as npm, PyPI, and Crates.io. Currently, 34 malicious packages and 384 versions and builds have been identified, with the attackers continuously pushing new versions across the ecosystems.

The article states that TrapDoor mainly targets developers in the cryptocurrency, AI, and security fields, capable of stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, environment variables, and API keys.