Solana, Sui, and Aptos Wallet Data Targeted in “Trapdoor” Package Attack

Key Highlights

• Security researchers uncovered a malicious “Trapdoor” package attack targeting crypto wallet infrastructure
• The campaign reportedly focused on wallets connected to Solana, Sui, and Aptos ecosystems
• Attackers attempted to steal sensitive wallet and credential data through compromised software packages
• The incident highlights growing supply-chain risks within blockchain development environments
• Developers are being urged to audit dependencies and verify package authenticity
• Open-source infrastructure remains a major attack surface across the crypto industry
• Analysts warn software supply-chain attacks are becoming increasingly sophisticated

Security researchers have identified a malicious software supply-chain campaign known as the “Trapdoor” package attack, which reportedly targeted wallet-related infrastructure connected to the Solana, Sui, and Aptos blockchain ecosystems.

The attack involved compromised software packages designed to infiltrate development environments and potentially extract sensitive wallet-related data, including credentials, keys, and configuration information. According to researchers, the malicious code was embedded within seemingly legitimate packages used by developers building crypto-related applications.

The incident highlights the growing threat of software supply-chain attacks within the crypto industry. Rather than directly attacking blockchain networks themselves, attackers increasingly target the tools, libraries, and dependencies developers rely on to build wallets and decentralized applications.

Security experts say this type of attack can be especially dangerous because compromised packages may appear trustworthy and can spread quietly through open-source ecosystems before detection. In some cases, developers unknowingly install malicious dependencies that provide attackers with access to sensitive systems or user data.

The focus on Solana, Sui, and Aptos reflects the rapid growth of newer blockchain ecosystems and developer communities. As these networks expand, their surrounding infrastructure—including wallets, SDKs, and development tools—becomes a more attractive target for cybercriminals seeking access to valuable digital assets.

Researchers investigating the campaign reportedly identified code designed to create hidden backdoors capable of transmitting data to attacker-controlled servers. While the full scale of the compromise remains unclear, the findings have prompted renewed warnings about dependency management and software verification practices.

The attack also underscores a broader issue facing the crypto sector: much of the ecosystem depends heavily on open-source software maintained by distributed developer communities. While open-source infrastructure enables rapid innovation, it can also create vulnerabilities when malicious actors exploit trust within package repositories and development pipelines.

Developers are now being urged to carefully audit third-party dependencies, monitor unusual package behavior, and implement stricter verification controls before integrating software into production systems. Security teams are also encouraging projects to use dependency-locking mechanisms and conduct regular code reviews to reduce exposure.

Cybersecurity analysts note that software supply-chain attacks have become increasingly sophisticated across the broader technology industry, not just within crypto. However, the financial nature of blockchain applications makes crypto ecosystems particularly attractive targets because successful compromises can potentially provide direct access to user funds and private keys.

The incident is another reminder that security risks in digital asset markets extend far beyond price volatility and smart contract exploits. As blockchain ecosystems mature, attacks on developer infrastructure and software distribution channels are becoming an increasingly important threat vector.

For now, projects operating within the Solana, Sui, and Aptos ecosystems are reviewing development environments and dependencies while researchers continue investigating the scope and impact of the Trapdoor campaign.