bittensor-wallet PyPI Private Key Exfiltration Backdoor
A registry-only malicious release of bittensor-wallet 4.0.2 was uploaded to PyPI and later yanked. The backdoor was compiled into the Rust wallet code, so the wallet's decryption paths handed coldkey and hotkey material directly to the payload. The payload performed sandbox checks, encrypted the stolen key material with an attacker-controlled public key, deduplicated repeated unlocks, and exfiltrated over HTTPS, DNS lookups, and DNS tunneling. The release also removed the bundled artifact-attestation workflow steps, making it harder to compare the PyPI artifact against the legitimate source release.
- Date: 2026-03-15 to 2026-03-17
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: Distribution
- Impact: Private Key Theft
- Cause: Compromised Account/Credentials
What Was Affected
- Package: bittensor-wallet
- Language: Rust
- Component: Library
- Artifact type: source archive
- Domain type: package host
- Domain: pypi.org
- Repository: github.com/opentensor/btwallet
- Compromised Versions: 4.0.2
Incident Context
- Motive: Credential Theft
- Transitive: Yes
- User Impact: 0
- Observed Duration: 2 days
Evidence
Compromised Artifacts
Indicators and Changes
- Hashes: sha256:6a416b72ff24804abc12484a3b41413a8580acedd8a5f8c84224fcf0732c2f8e
External References
Source Data
Source record: oss/bittensor-wallet/meta.yaml