In early April 2025, security researchers issued a warning about a malicious attack targeting Bitcoin users. The hackers did not attack the Bitcoinlib library itself.
In early April, security researchers sounded the alarm on a focused attack targeting users of Bitcoinlib, a popular Python library used by developers to interact with Bitcoin.
However, hackers didn’t attack the Bitcoinlib library itself. Instead, they uploaded fake versions of the library to PyPI (Python Package Index), the platform where developers download Python libraries.
The ploy worked, and developers ended up installing the malicious packages, granting the hackers access to their crypto wallets.
Now, ReversingLabs’ 2024 Software Supply Chain Security Report has taken a closer look at this hack and the broader trends in software supply chain security.
The report, titled “The Evolving Threat Landscape,” documents a year of tracking and analysis of software supply chain threats, focusing on emerging attack types, preferred attack vectors, and the attackers’ shifting targets.
The report found that software supply chain attacks grew more sophisticated in 2024, with particular intensity around cryptocurrency applications. Throughout the year, researchers identified 23 malicious campaigns targeting crypto infrastructure, the majority (14) focused on open-source repositories like npm and PyPI.
These campaigns spanned both basic typosquatting (packages whose names closely resemble those of legitimate ones in spelling, to deceive developers) and more advanced tactics. Some attackers published packages that initially appeared benign and later pushed updates containing malicious code, as with the “aiocpa” package and the attack on Solana’s web3.js library.
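As an added defender-side example (not code from ReversingLabs or from the article), the script below audits a requirements file for the two tactics just described: dependency names within a couple of edits of a vetted package, and floating or unhashed versions that let a later malicious release slip in. The allow-list and the sample requirements text are constructed for the example.

```python
import re

# Constructed allow-list of package names the project has already vetted.
KNOWN_GOOD = {"bitcoinlib", "requests", "cryptography", "aiohttp"}

# name, optional exact pin (==x.y.z), rest of the line (e.g. --hash options)
REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\s*\S+)?(.*)$")

# Constructed sample: vetted hash-pinned line, homoglyph typosquat (I for l), floating range, unhashed pin.
SAMPLE_REQUIREMENTS = """
bitcoinlib==0.6.15 --hash=sha256:PLACEHOLDER_DIGEST
bitcoinIib==0.6.15
requests>=2.0
aiohttp==3.9.0
"""

def edit_distance(a: str, b: str) -> int:
    """Case-insensitive Levenshtein distance between two package names."""
    a, b = a.lower(), b.lower()
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_requirements(text: str, known_good=KNOWN_GOOD, max_dist: int = 2):
    """Return (package, finding) tuples; an empty list means nothing suspicious."""
    vetted = {k.lower() for k in known_good}
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:  # options such as "-r other.txt" are out of scope here
            continue
        name, pin, rest = m.groups()
        if name.lower() not in vetted:
            near = sorted(k for k in known_good if edit_distance(name, k) <= max_dist)
            verdict = f"possible typosquat of {near[0]}" if near else "not on the allow-list"
            findings.append((name, verdict))
        # A floating range installs whatever release is newest, which is how a package
        # that starts out benign can later deliver malicious code; an exact pin plus
        # --hash (pip --require-hashes) ties the install to one known artifact.
        if pin is None:
            findings.append((name, "version not pinned"))
        elif "--hash=" not in rest:
            findings.append((name, "pinned without --hash"))
    return findings
```

Running `audit_requirements(SAMPLE_REQUIREMENTS)` flags the homoglyph name, the floating `requests` range and the two pins that carry no hash, while the fully pinned and hashed `bitcoinlib` line passes.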
Moreover, attackers grew bolder in targeting prominent libraries, demonstrating a shift from opportunistic to targeted attacks. Among the victims were Node.js modules used by major decentralized exchanges (DEXs) and a package designed for smart contracts on the Hedera blockchain.
Cryptocurrency, in the words of ReversingLabs, serves as a “canary in the coal mine,” highlighting the strong financial incentives that draw attackers to the space. The crypto industry, in essence, provides a testing ground for emerging threat types that could later be applied to other sectors.
As organizations move away from trust-based assumptions, particularly when dealing with third-party or closed-source binaries, they will need to adjust their approach to security accordingly.