Hackers sneak crypto wallet-stealing code into a popular AI tool that runs every time
The post Hackers sneak crypto wallet-stealing code into a popular AI tool that runs every time appeared on BitcoinEthereumNews.com.
A poisoned release of LiteLLM turned a routine Python install into a crypto-aware secret stealer that searched for wallets, Solana validator material, and cloud credentials every time Python started.

On Mar. 24, between 10:39 UTC and 16:00 UTC, an attacker who had gained access to a maintainer account published two malicious versions of LiteLLM to PyPI: 1.82.7 and 1.82.8. LiteLLM markets itself as a unified interface to more than 100 large language model providers, a position that places it inside credential-rich developer environments by design. PyPI Stats records 96,083,740 downloads in the last month alone.

The two builds carried different levels of risk. Version 1.82.7 required a direct import of litellm.proxy to activate its payload, while version 1.82.8 planted a .pth file (litellm_init.pth) in the Python installation. Python’s own documentation confirms that executable lines in .pth files run at every Python startup, so 1.82.8 executed without any import at all. Any machine that had it installed ran compromised code the moment Python next launched.

FutureSearch estimates 46,996 downloads in 46 minutes, with 1.82.8 accounting for 32,464 of them. Additionally, it counted 2,337 PyPI packages that depended on LiteLLM, with 88% allowing the compromised version range at the time of the attack. LiteLLM’s own incident page warned that anyone whose dependency tree pulled in LiteLLM through an unpinned transitive constraint during the window should treat their environment as potentially exposed. The DSPy team confirmed it had a LiteLLM constraint of “superior or equal to 1.64.0” and warned that fresh installs during the window could have resolved to the poisoned builds.

Built to hunt crypto

SafeDep’s reverse engineering of the payload makes the crypto targeting explicit. The malware searched for Bitcoin wallet configuration files and wallet*.dat files, Ethereum keystore directories, and Solana configuration files under ~/.config/solana.
SafeDep says the collector gave Solana…
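The .pth startup behaviour described above can be checked on a host with a short audit. The following is an added example, not code from the article, LiteLLM, or the researchers it cites: it lists .pth files containing lines that Python's site module executes at startup and reports whether the installed litellm version is one of the two named above. The function names and the report layout are assumptions of this example.

```python
# Added example (not from the article or LiteLLM): audit .pth startup hooks.
import os
import site
import sysconfig
from importlib import metadata

BAD_LITELLM = {"1.82.7", "1.82.8"}    # malicious versions named in the article
KNOWN_BAD_PTH = {"litellm_init.pth"}  # file name named in the article

def executable_pth_lines(text):
    """Lines Python's site module passes to exec(): 'import' followed by space or tab."""
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]

def site_dirs():
    """Site-packages directories whose .pth files are read at interpreter startup."""
    dirs = set(getattr(site, "getsitepackages", lambda: [])())
    dirs.add(site.getusersitepackages())
    paths = sysconfig.get_paths()
    dirs.update((paths["purelib"], paths["platlib"]))
    return sorted(d for d in dirs if os.path.isdir(d))

def audit_dir(directory):
    """Report .pth files that carry executable lines or match the known-bad name."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pth"):
            continue
        path = os.path.join(directory, name)
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines = executable_pth_lines(fh.read())
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
        if lines or name in KNOWN_BAD_PTH:
            findings.append({"path": path, "known_bad": name in KNOWN_BAD_PTH,
                             "exec_lines": lines})
    return findings

def litellm_status():
    """Return (installed_version_or_None, is_one_of_the_bad_versions)."""
    try:
        version = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None, False
    return version, version in BAD_LITELLM

if __name__ == "__main__":
    print("litellm:", litellm_status())
    for d in site_dirs():
        for f in audit_dir(d):
            tag = "KNOWN-BAD" if f["known_bad"] else "review"
            print(f"[{tag}] {f['path']}: {len(f['exec_lines'])} executable line(s)")
```

Executable lines also appear in legitimate .pth files (setuptools ships one, for example), so entries marked review need a human look rather than automatic removal.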
Filed under: News - @ March 26, 2026 5:24 pm