According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024.
Researchers at the Checkmarx cybersecurity firm sounded the alarm on a dangerous form of malware uploaded to the Python Package Index (PyPI) — a platform for Python developers to download and share code — that steals private keys, mnemonic phrases, and other sensitive user data.
According to the firm, the malware was automatically uploaded by a suspicious user in several different software packages meant to mimic decoding applications for popular wallets like MetaMask, Atomic, TronLink, Ronin, and other industry staples.
The malware was cleverly embedded within parts of the software packages. This allowed the malicious software to go largely undetected due to what appeared to be harmless code.
