
Solana FakeFix: 25 Malicious npm and PyPI Packages Steal Wallet Keys

Image caption: FakeFix campaign: 25 malicious packages deployed across npm and PyPI targeting Solana developers

Attackers deployed 25 malicious packages across npm and PyPI on June 12, 2026, targeting Solana developers in a campaign researchers are calling FakeFix. The packages impersonate legitimate Solana SDK tooling and run a credential stealer the moment you execute npm install — before you’ve written a line of code. Targets include Solana wallet keys, AWS and GCP credentials, GitHub tokens, and entire .env files.

How the Attack Runs Before You Import Anything

The packages exploit npm lifecycle hooks — specifically preinstall, install, and postinstall scripts — to execute attacker-controlled JavaScript at install time. No import required. The moment you run npm install, the malicious script fires, connects to a Telegram command-and-control server, and begins scanning your filesystem.

The PyPI variants work differently but are equally quiet: the payload sits inside __init__.py and activates on the first import, typically during a test run or application startup. By then, your credentials are already gone.

This is why npm audit won’t save you. It only flags packages with filed CVEs. Novel malicious packages — ones uploaded specifically for this attack — appear clean.

What Gets Stolen

FakeFix is a dual-threat attack. Earlier Solana supply chain incidents targeted wallet keys specifically. This campaign goes further:

  • Solana keypair files (id.json) and wallet seeds
  • Cloud credentials: AWS, GCP, Azure, and Anthropic API keys
  • CI/CD tokens: CircleCI, JFrog, GitHub, GitLab
  • Package registry credentials: npm, PyPI, RubyGems
  • SSH keys and full .env file contents
  • Kubernetes config files

A single compromised developer machine can expose an entire organization’s cloud infrastructure. If your CI/CD runner pulls one of these packages, the blast radius expands to every secret in your pipeline.

The Social Engineering That Made It Work

The FakeFix campaign didn’t just upload packages and wait. The attacker — operating under the handle “PassWord1337” — opened issues in multiple open-source Solana repositories, falsely presenting their malicious packages as drop-in fixes for common Solana build dependency errors. Developers hitting frustrating Solana SDK version conflicts are exactly the audience most likely to grab a package promising to resolve the mess.

This GitHub issue spam vector is relatively new. It’s more targeted than typosquatting alone and harder to detect than a phishing email. A credible-looking issue from a stranger in a repo you trust is easy to miss.

Typosquatting the Solana Ecosystem

The package names are designed to blend in. The March 2026 wave — same actor, same technique — established the playbook: packages like raydium-bs58, base-x-64, base_xd, and bs58-basic impersonate bs58, the Base58 encoding library used throughout Solana development. The malicious version hooks Base58.decode() — precisely the function called when loading a Solana keypair from a private key string — and exfiltrates the key to a Telegram bot before returning the expected result. Your code works. Your wallet drains.

No errors. No warnings. Nothing in your logs.

Check Your Dependencies Now

If you work in the Solana ecosystem, audit your installed packages immediately. Run:

npm ls --all 2>/dev/null | grep -E "bs58|raydium|solana-labs"

Cross-reference against the full package list in the Cyberpress FakeFix breakdown. If any suspicious package appears, treat your entire machine as compromised:

  1. Rotate all cloud credentials immediately (AWS, GCP, Azure, Anthropic)
  2. Revoke and regenerate GitHub, npm, and PyPI tokens
  3. Check your Solana wallet for unauthorized transactions
  4. Audit CI/CD runners that executed builds with the affected packages
  5. Rebuild affected environments where possible

This Is a Wave, Not an Isolated Incident

FakeFix is the third major supply chain attack against the Solana ecosystem in 18 months. The official @solana/web3.js package was backdoored via a compromised publisher account in December 2024. A targeted five-package typosquatting campaign hit in March 2026. Now this. Each wave learns from the previous one.

Zoom out further: Shai-Hulud now affects over 170 packages with 518 million monthly downloads. The Miasma worm hit 73 Microsoft GitHub repos. JFrog’s 2026 supply chain report tracked a 451% year-over-year increase in attacks. The package registries are not a safe default.

The one piece of structural relief on the horizon: npm v12, due in July 2026, will disable install scripts from dependencies by default. The FakeFix attack mechanism depends entirely on lifecycle hook execution — npm v12 blocks it. Upgrade to npm 11.16.0 now to preview what v12 will flag in your dependency tree before the breaking change arrives.

Until then, Socket.dev is the most practical free-tier tool for detecting suspicious package behavior at install time. It catches network access, filesystem access, and obfuscated code that npm audit misses entirely.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
