TrapDoor Cross-Ecosystem Crypto Stealer Campaign | Halting Problems
Executive Summary
TrapDoor is an active software supply-chain campaign reported by Socket on May 24, 2026, spanning npm, PyPI, and Crates.io packages aimed at crypto, DeFi, AI, and developer-security workflows (Socket). Socket tracks more than 34 malicious packages and 384 or more related versions/artifacts, while OSV already lists several PyPI malicious-package records tied to the same 2026-05-eth-security-auditor campaign (Socket; OSV PyPI list).
The campaign is notable because each ecosystem gets a native execution path: npm postinstall hooks, PyPI import-time loaders that execute remote JavaScript, and Rust build.rs scripts that run during compilation (Socket). The payloads target SSH keys, GitHub tokens, AWS and cloud credentials, browser data, environment variables, crypto wallet material, and AI assistant instruction surfaces such as .cursorrules and CLAUDE.md (Socket; GitHub repo).
Key Facts
```yaml
threat_type: "cross-registry malicious package campaign"
ecosystem: "npm, PyPI, Crates.io"
registry: "npmjs.com, pypi.org, crates.io"
affected_packages:
  npm:
    - "async-pipeline-builder"
    - "build-scripts-utils"
    - "chain-key-validator"
    - "crypto-credential-scanner"
    - "defi-env-auditor"
    - "defi-threat-scanner"
    - "deployment-key-auditor"
    - "dev-env-bootstrapper"
    - "eth-wallet-sentinel"
    - "llm-context-compressor"
    - "mnemonic-safety-check"
    - "model-switch-router"
    - "node-setup-helpers"
    - "project-init-tools"
    - "prompt-engineering-toolkit"
    - "solidity-deploy-guard"
    - "token-usage-tracker"
    - "wallet-backup-verifier"
    - "wallet-security-checker"
    - "web3-secrets-detector"
    - "workspace-config-loader"
  pypi:
    - "cryptowallet-safety"
    - "data-pipeline-check"
    - "defi-risk-scanner"
    - "env-loader-cli"
    - "eth-security-auditor"
    - "git-config-sync"
    - "solidity-build-guard"
  crates:
    - "move-analyzer-build"
    - "move-compiler-tools"
    - "move-project-builder"
    - "sui-framework-helpers"
    - "sui-move-build-helper"
    - "sui-sdk-build-utils"
malicious_versions:
  - "env-loader-cli 0.1.0"
  - "env-loader-cli 0.1.1"
  - "eth-security-auditor 0.1.0"
  - "sui-framework-helpers 0.1.0"
known_good_versions: []
fixed_or_safe_versions: []
execution_trigger: "npm postinstall, Python import, Rust build.rs"
primary_impact: "developer secret theft, cloud credential theft, SSH lateral movement, crypto wallet theft, AI assistant instruction poisoning"
campaign_context: "active cross-ecosystem campaign tracked by Socket as TrapDoor"
confidence: "medium"
canonical_source: "https://socket.dev/blog/trapdoor-crypto-stealer-npm-pypi-crates"
last_verified: "2026-05-24"
```
Source Confidence & Evidence Mapping
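A defender-side triage script, added here as an example and not part of Socket's reporting or tooling: it checks a project's manifests against the package names listed in Key Facts and surfaces the install-time execution hooks the campaign relies on (npm lifecycle scripts, Rust build.rs). The manifests and file paths below are constructed sample inputs; the npm version ranges in the sample are placeholders, since the advisory lists no npm versions.

```python
"""Triage helper for the TrapDoor package list (added example, not Socket's code).

Checks package.json, requirements.txt, Cargo.lock and vendored crate paths for
the names in the advisory and for the hooks that give the payload execution.
"""
import json
import re
from pathlib import PurePosixPath

# Names copied from the advisory's Key Facts; not an exhaustive campaign list.
TRAPDOOR_NPM = {
    "async-pipeline-builder", "build-scripts-utils", "chain-key-validator",
    "crypto-credential-scanner", "defi-env-auditor", "defi-threat-scanner",
    "deployment-key-auditor", "dev-env-bootstrapper", "eth-wallet-sentinel",
    "llm-context-compressor", "mnemonic-safety-check", "model-switch-router",
    "node-setup-helpers", "project-init-tools", "prompt-engineering-toolkit",
    "solidity-deploy-guard", "token-usage-tracker", "wallet-backup-verifier",
    "wallet-security-checker", "web3-secrets-detector", "workspace-config-loader",
}
TRAPDOOR_PYPI = {
    "cryptowallet-safety", "data-pipeline-check", "defi-risk-scanner",
    "env-loader-cli", "eth-security-auditor", "git-config-sync", "solidity-build-guard",
}
TRAPDOOR_CRATES = {
    "move-analyzer-build", "move-compiler-tools", "move-project-builder",
    "sui-framework-helpers", "sui-move-build-helper", "sui-sdk-build-utils",
}

# npm runs these scripts automatically during `npm install`; postinstall is the
# trigger named in the advisory.
NPM_LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def scan_package_json(text):
    """Return (sorted flagged dependency names, lifecycle scripts) for a package.json."""
    data = json.loads(text)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(data.get(section, {}))
    flagged = sorted(name for name in deps if name in TRAPDOOR_NPM)
    hooks = {k: v for k, v in data.get("scripts", {}).items() if k in NPM_LIFECYCLE_HOOKS}
    return flagged, hooks


def scan_requirements(text):
    """Return TrapDoor names in a requirements.txt body, in file order, any version.

    PyPI names are case-insensitive and treat '_' and '-' alike, so normalise
    before comparing (PEP 503 style).
    """
    found = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and options like -r
            continue
        name = re.split(r"[\s<>=!~;\[]", line, maxsplit=1)[0]
        name = name.lower().replace("_", "-")
        if name in TRAPDOOR_PYPI:
            found.append(name)
    return found


def scan_cargo_lock(text):
    """Return sorted TrapDoor crate names present in a Cargo.lock body."""
    names = set(re.findall(r'^name = "([^"]+)"', text, flags=re.M))
    return sorted(names & TRAPDOOR_CRATES)


def crates_with_build_script(paths):
    """Given vendored source paths (e.g. from a `vendor/` walk), return the crate
    directories that ship a build.rs, i.e. code that runs at compile time."""
    crates = set()
    for p in paths:
        parts = PurePosixPath(p).parts
        if parts[-1] == "build.rs" and len(parts) >= 2:
            crates.add(parts[-2])
    return sorted(crates)


# Constructed sample inputs (not real project files).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "demo-app",
    "scripts": {"postinstall": "node scripts/setup.js", "test": "jest"},
    "dependencies": {"express": "^4.19.0", "wallet-security-checker": "*"},
    "devDependencies": {"build-scripts-utils": "*"},
})
SAMPLE_REQUIREMENTS = "# constructed\nrequests>=2.31\nenv-loader-cli==0.1.1\nEth_Security_Auditor\n"
SAMPLE_CARGO_LOCK = (
    '# constructed\n[[package]]\nname = "serde"\nversion = "1.0.200"\n\n'
    '[[package]]\nname = "sui-framework-helpers"\nversion = "0.1.0"\n'
)
SAMPLE_VENDOR_PATHS = [
    "vendor/serde-1.0.200/src/lib.rs",
    "vendor/sui-framework-helpers-0.1.0/build.rs",
    "vendor/sui-framework-helpers-0.1.0/src/lib.rs",
]

if __name__ == "__main__":
    print("npm:", scan_package_json(SAMPLE_PACKAGE_JSON))
    print("pypi:", scan_requirements(SAMPLE_REQUIREMENTS))
    print("crates:", scan_cargo_lock(SAMPLE_CARGO_LOCK))
    print("build.rs:", crates_with_build_script(SAMPLE_VENDOR_PATHS))
```

Name matching alone only catches the packages already on the list; the lifecycle-hook and build.rs checks are the durable part, because any typosquat in this campaign still needs one of those execution paths. Run the hook check against every package under node_modules, not only the top-level package.json, since the advisory's trigger is the dependency's own postinstall script.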
confirmed: Socket reports TrapDoor as a cross-ecosystem campaign across npm, PyPI, and Crates.io, with 34+ malicious packages and 384+ related versions/artifacts (Socket).
confirmed: OSV lists recent malicious PyPI package records for env-loader-cli, data-pipeline-check, git-config-sync, defi-risk-scanner, cryptowallet-safety, solidity-build-guard, and eth-security-auditor (OSV PyPI list).
confirmed: OSV record MAL-2026-4272 says env-loader-cli runs code during import to exfiltrate credentials, private keys, and sensitive data, and it lists affected versions 0.1.0 and 0.1.1 (OSV MAL-2026-4272).
confirmed: The attacker-controlled GitHub repository ddjidd564/defi-security-best-practices exists on the gh-pages branch and exposes directories and files matching Socket’s infrastructure reporting, including payloads, trap-core, .cursorrules, and CLAUDE.md (GitHub repo).
likely: The campaign scope will continue to change because Socket describes the activity as active and says some packages were already removed while others were still live at publication time (Socket).
unclear: No public source reviewed here proves real-world victim count, complete registry removal status, or actor attribution beyond the observed GitHub account and package publishers.
Attack Execution Flow
```mermaid
sequenceDiagram
    autonumber
    actor Attacker
    participant Registry as npm / PyPI / Crates.io
    participant Dev as Developer or CI Runner
    participant Host as Host Runtime
    participant Infra as ddjidd564 GitHub Pages / Gists
    Attacker->>Registry: Publish security, crypto, AI, and build-helper packages
    Registry->>Dev: Package is installed, imported, or built
    Dev->>Host: npm postinstall, Python import, or Rust build.rs executes
    Host->>Infra: Fetch config or payload from attacker-controlled infrastructure
    Host->>Host: Harvest credentials, wallets, browser data, and AI instruction surfaces
    Host->>Infra: Exfiltrate data or validate stolen credentials
```
Timeline
2026-05-22T20:20:18Z Socket’s earliest observed package, [email protected], is uploaded to PyPI (Socket).
2026-05-22T20:22:04Z Socket reports the eth-security-auditor wheel publication time (Socket).
2026-05-24T05:42:09Z OSV publishes MAL-2026-4272 for env-loader-cli (OSV MAL-2026-4272).
2026-05-24 Socket publishes public TrapDoor campaign research (Socket).
2026-05-24 This local feed check found no existing Halting...