In early April 2025, security researchers sounded the alarm on a focused attack targeting users of Bitcoinlib, a popular Python library used by developers to interact with Bitcoin.
However, hackers didn’t attack the Bitcoinlib library itself. Instead, they uploaded fake versions of the library to PyPI (Python Package Index), the platform where developers download Python libraries.
The ploy worked, and developers ended up installing the malicious packages, granting the hackers access to their crypto wallets.
Now, ReversingLabs’ 2024 Software Supply Chain Security Report has taken a closer look at this hack and the broader trends in software supply chain security.
The report, titled “The Evolving Threat Landscape,” documents a year of tracking and analysis of software supply chain threats, focusing on emerging attack types, preferred attack vectors, and the attackers’ shifting targets.
The report found that software supply chain attacks grew more sophisticated in 2024, with particular intensity around cryptocurrency applications. Throughout the year, researchers identified 23 malicious campaigns targeting crypto infrastructure, the majority (14) focused on open-source repositories like npm and PyPI.
These spanned both basic typosquatting — where packages closely resemble legitimate ones in spelling to deceive developers — and more advanced tactics. Some attackers created packages that initially appeared benign but were later updated with malicious code, such as the “aiocpa” package or the assault on Solana’s web3.js library.
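As an added illustration (not code from the article or from ReversingLabs), the following pre-install check over a requirements file flags the two tactics described above: names within a small edit distance of a project's known dependencies, and requirements that are not pinned and hashed, which would silently accept a later malicious release of a package that started out benign. The allowlist, the lookalike names `bitcoinlibb` and `reqeusts`, and the version and hash values are constructed for the demo.

```python
import re
# Constructed allowlist: the packages this project is known to depend on.
KNOWN_GOOD = {"bitcoinlib", "requests", "aiohttp", "cryptography"}
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==\S+)?")

# Constructed requirements file: "bitcoinlibb" and "reqeusts" are hypothetical
# lookalikes; the version and the all-zero sha256 are placeholders, not real releases.
SAMPLE_REQUIREMENTS = "\n".join([
    "bitcoinlib==1.2.3 --hash=sha256:" + "0" * 64,  # pinned and hashed: clean
    "bitcoinlibb==1.2.3",  # hypothetical lookalike of bitcoinlib
    "reqeusts>=2.0",       # hypothetical lookalike of requests, not pinned
    "aiocpa",              # the article's benign-then-malicious case: not a lookalike
])

def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two package names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def check_requirement(line: str, known_good=KNOWN_GOOD) -> list:
    """Return findings for one requirements.txt line; an empty list means clean."""
    m = REQ_RE.match(line)
    if not m:
        return ["unparseable requirement line"]
    name, findings = normalize(m.group(1)), []
    allowed = {normalize(k): k for k in known_good}
    if name not in allowed:
        dist, nearest = min((levenshtein(name, k), v) for k, v in allowed.items())
        if dist <= 2:
            findings.append(f"possible typosquat of '{nearest}' (edit distance {dist})")
        else:
            findings.append("not on the allowlist")
    if not m.group(2):
        findings.append("not pinned with ==; a later release could be swapped in")
    if "--hash=" not in line:
        findings.append("no --hash; the installed artifact cannot be verified")
    return findings

def check_requirements(text: str, known_good=KNOWN_GOOD) -> dict:
    """Map each requirement line to its findings, skipping blanks, comments and options."""
    return {l.strip(): check_requirement(l.strip(), known_good) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith(("#", "-"))}
```

The edit-distance heuristic only catches spelling lookalikes; the allowlist and the pin-plus-hash checks are what catch a correctly spelled dependency whose later release has changed.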
Moreover, attackers grew bolder in targeting prominent libraries, demonstrating a shift from opportunistic to targeted attacks. Among the victims were Node.js modules used by major decentralized exchanges (DEXs) and a package designed for smart contracts on the Hedera blockchain.
Cryptocurrency, in the words of ReversingLabs, serves as a “canary in the coal mine,” highlighting the strong financial incentives that draw attackers to the space. The crypto industry, in essence, provides a testing ground for emerging threat types that could later be applied to other sectors.
As organizations move away from trust-based assumptions, particularly when dealing with third-party or closed-source binaries, they will need to adjust their approach to security accordingly.