bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys
bittensor-wallet 4.0.2 was published to PyPI on March 17, 2026 with a backdoor that exfiltrates private keys. The compromised package remained available for approximately 48 hours before being yanked from the repository.
- Disclosed: March 17, 2026
- Last updated: June 7, 2026
- Blast radius: Unknown (depends on how many installations occurred during the 48-hour availability window)
- Ecosystems: PyPI
- Attack vectors: Compromised package
- Affected entities: bittensor-wallet · 4.0.2
On March 17, 2026, bittensor-wallet version 4.0.2 was identified as a compromised PyPI release containing a backdoor that exfiltrates private keys. The malicious release had been live on PyPI for approximately 48 hours before it was yanked.
The backdoor was found by diffing the source tarballs of versions 4.0.1 and 4.0.2, which shows exactly what the malicious release introduced. StepSecurity's analysis executed the compromised package and captured its command-and-control (C2) traffic in real time.
The release has since been yanked from PyPI, which stops unpinned installs from resolving to it. Any system that installed bittensor-wallet 4.0.2 during the 48-hour window may still be affected; those systems should be audited and any credentials present on them rotated.
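The sdist-diff technique described above, as an added example that is not part of the catalog entry and not the bittensor-wallet project's code: it unpacks two source tarballs, reports files added, removed and changed, and prints a unified diff for each change. The two tarballs here are constructed in memory from a fictitious "example-wallet" package so the script runs offline; the file names and contents are illustrative only and do not describe the real 4.0.2 payload.

```python
"""Diff two sdist tarballs to see what a new release added or changed.

Added example (not from the catalog entry or the bittensor-wallet project).
The tarballs are built in memory from constructed sample files.
"""
import difflib
import io
import tarfile


def _build_sdist(top: str, files: dict) -> bytes:
    """Build an in-memory .tar.gz from {relative path: text} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            data = content.encode()
            info = tarfile.TarInfo(name=f"{top}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _read_sdist(blob: bytes) -> dict:
    """Return {relative path: text} for every regular file, stripping the top-level directory."""
    files = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[1] if "/" in member.name else member.name
            files[rel] = tar.extractfile(member).read().decode("utf-8", errors="replace")
    return files


def diff_sdists(old: bytes, new: bytes) -> dict:
    """Compare two sdists: files added, removed, and changed (with a unified diff per change)."""
    a, b = _read_sdist(old), _read_sdist(new)
    report = {"added": sorted(set(b) - set(a)),
              "removed": sorted(set(a) - set(b)),
              "changed": {}}
    for path in sorted(set(a) & set(b)):
        if a[path] != b[path]:
            report["changed"][path] = "".join(difflib.unified_diff(
                a[path].splitlines(keepends=True),
                b[path].splitlines(keepends=True),
                fromfile=f"old/{path}", tofile=f"new/{path}"))
    return report


# Constructed sample: a clean 4.0.1 and a 4.0.2 whose package __init__ imports a new module.
CLEAN = {
    "pyproject.toml": '[project]\nname = "example-wallet"\nversion = "4.0.1"\n',
    "example_wallet/__init__.py": "def load_key(path):\n    return open(path).read()\n",
}
SUSPECT = {
    "pyproject.toml": '[project]\nname = "example-wallet"\nversion = "4.0.2"\n',
    "example_wallet/__init__.py": "import example_wallet._extra\ndef load_key(path):\n    return open(path).read()\n",
    "example_wallet/_extra.py": "# new file that did not exist in 4.0.1 (constructed placeholder)\n",
}
OLD_SDIST = _build_sdist("example-wallet-4.0.1", CLEAN)
NEW_SDIST = _build_sdist("example-wallet-4.0.2", SUSPECT)

if __name__ == "__main__":
    rep = diff_sdists(OLD_SDIST, NEW_SDIST)
    print("added:", rep["added"])
    print("removed:", rep["removed"])
    for d in rep["changed"].values():
        print(d)
```

Against real releases, download both sdists with `pip download --no-binary :all: --no-deps bittensor-wallet==4.0.1` (and 4.0.2 from a mirror or cache, since the release is yanked) and pass the bytes to `diff_sdists`; the "added" list and any change to `__init__.py`, `setup.py` or a `.pth` file are the first places to look.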
Indicators of compromise
- Packages
- bittensor-wallet==4.0.2
Remediation
- Immediately remove bittensor-wallet 4.0.2 from all systems and pin to version 4.0.1 or earlier
- Rotate any private keys or credentials that were present on systems that ran the compromised version
- Audit network and process logs for the backdoor's C2 communication or other suspicious outbound activity
- Update every exact pin (==4.0.2) and lock file that references the release: pip still installs a yanked file when a requirement pins that exact version (PEP 592), so yanking on PyPI alone does not protect pinned environments. If you run an internal mirror or proxy, block the version there as well
- Review installation logs (pip, CI, and artifact-proxy logs) to identify any systems that downloaded the compromised package during the 48-hour exposure window
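A check for the first and fourth remediation steps, as an added example that is not part of the catalog entry: it reports whether the compromised version is installed in the current interpreter and finds every exact pin of it in requirements-style text (requirements.txt, pip-compile and pip-freeze output), which is where a yanked release survives. The requirements content below is constructed sample input; package name normalisation follows PEP 503.

```python
"""Locate the compromised release in the running environment and in pinned requirements.

Added example, not from the catalog entry or the bittensor-wallet project.
SAMPLE_REQUIREMENTS is constructed input.
"""
import re
from importlib import metadata
from typing import List, Optional, Tuple

PACKAGE = "bittensor-wallet"
BAD_VERSIONS = {"4.0.2"}  # from the entry's indicators of compromise


def _norm(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of '-', '_' and '.' collapse to one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_version(package: str = PACKAGE) -> Optional[str]:
    """Version of `package` installed in this interpreter, or None if it is absent."""
    try:
        return metadata.version(package)
    except metadata.PackageNotFoundError:
        return None


def is_compromised_install(package: str = PACKAGE, bad=BAD_VERSIONS) -> bool:
    return installed_version(package) in bad


# name[extras]==version ; markers  # comment   (only exact '==' pins are of interest)
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)")


def find_pinned_bad_versions(text: str, package: str = PACKAGE,
                             bad=BAD_VERSIONS) -> List[Tuple[int, str]]:
    """Return (line number, line) for every exact pin of a bad version of `package`.

    Exact pins matter because pip skips yanked files only during unpinned
    resolution; a '==4.0.2' requirement still installs the yanked release.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ_LINE.match(line)
        if m and _norm(m.group(1)) == _norm(package) and m.group(2) in bad:
            hits.append((lineno, line.strip()))
    return hits


SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
requests==2.32.3
bittensor_wallet==4.0.2 ; python_version >= "3.9"
bittensor-wallet>=4.0.0  # unpinned: the resolver skips the yanked 4.0.2
Bittensor-Wallet[cli]==4.0.2
bittensor-wallet==4.0.1
"""

if __name__ == "__main__":
    print("installed version:", installed_version(), "compromised:", is_compromised_install())
    for lineno, line in find_pinned_bad_versions(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {line}")
```

Run the environment check inside every interpreter that could have resolved the package (virtualenvs, containers, CI runners), and feed the pin scanner each requirements or constraints file in the repository; TOML lock files (poetry.lock, uv.lock) need a TOML parser instead of the line regex.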
Sources
Cite this entry
"bittensor-wallet 4.0.2 Compromised on PyPI - Backdoor Exfiltrates Private Keys." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed March 17, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/bittensor-wallet-4-0-2-compromised-on-pypi-backdoor-exfiltrates-private-keys-2b196w
Related incidents
- New Shai-Hulud attack trojanizes 19 science-focused PyPI packages (PyPI · Compromised package · status: contained · severity: high)
  Hackers compromised 19 science-focused packages on PyPI in a Shai-Hulud supply-chain attack. The trojanized packages were collectively downloaded hundreds of thousands of times and delivered malware designed to steal developer secrets.
- The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent (PyPI · Compromised package · status: active · severity: critical)
  On June 8, 2026, multiple Graph ML PyPI packages were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections for analyst misdirection, and token-revocation wipers. The attack targeted the bioinformatics ecosystem with sophisticated evasion techniques.
- durabletask: TeamPCP's Latest PyPi Compromise (PyPI · Compromised package · status: resolved · severity: high)
  Malicious versions of the PyPI package durabletask were published, attributed to the TeamPCP threat actor. The attack matches known TeamPCP tactics used in prior supply chain compromises.
- Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack (PyPI · Compromised package · status: contained · severity: critical)
  Three malicious versions of Microsoft's durabletask Python package were published to PyPI on May 19, 2026, containing a 28 KB payload that steals credentials from cloud providers (AWS, Azure, GCP), Kubernetes, password managers, and developer tools. The attack has been attributed to the TeamPCP threat group and exhibits indicators of Eastern European cybercrime operations.