LiteLLM supply-chain attack: wallet-stealing code in PyPI releases steals crypto secrets

Crypto security firm SafeDep says hackers inserted a crypto wallet-stealing payload into LiteLLM, a widely used AI interface for connecting to 100+ LLM providers. On Mar. 24 (10:39–16:00 UTC), attackers who accessed a maintainer account published two malicious LiteLLM versions on PyPI: 1.82.7 and 1.82.8. PyPI quarantined the builds around 11:25 UTC and LiteLLM removed them after detection. LiteLLM versions targeted secret-rich developer environments by collecting SSH keys, environment variables, cloud credentials, Kubernetes secrets, and crypto wallet-related files. The malware searched for Bitcoin wallet configuration files and wallet*.dat, Ethereum keystore directories, and Solana validator/authority material under ~/.config/solana (including validator key pairs, vote account keys, and deploy/Anchor directories). It also harvested AWS Secrets Manager/SSM values when valid AWS credentials were found, then created privileged kube-system pods and added persistence (sysmon.py and a systemd unit). SafeDep links the activity to broader TeamPCP-style compromises across tooling ecosystems, where credential theft can quickly convert into wallet drains, signer compromise, or malicious deployments. Key statistics cited: LiteLLM saw an estimated 46,996 downloads in 46 minutes during the window, with version 1.82.8 accounting for 32,464 downloads. SafeDep also notes 2,337 dependent PyPI packages allowed the affected version range (88%) at the time. For traders, the immediate market impact depends on whether any onchain theft follows. Still, the event is a risk-off signal for crypto infrastructure and validator/DeFi operational security, and it can drive short-term volatility around BTC/ETH/SOL exposures and exchange/validator trust.