Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in web3-py-checksum (PyPI)

web3-py-checksum

Risk score

92

AI summary

Indexed incident for web3-py-checksum (pypi).

Description

The code silently exfiltrates the private key of a crypto account.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-old-web3-py-checksum

Reasons (based on the campaign):

  • crypto-related

  • exfiltration-crypto

Technical details

Affected versions

=1.1=1.0

Indicators

  • affected version=1.175%
  • affected version=1.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents