Malware Campaign 'TrapDoor' Hijacks AI Coding Assistants to Steal Crypto

A new supply-chain attack dubbed 'TrapDoor' is targeting crypto developers by planting malicious packages that hijack popular AI coding assistants, according to a report published this week by software supply chain security firm Socket. The campaign siphons cryptocurrency directly from victims' wallets, exploiting the trust developers place in automated coding tools.

How TrapDoor works

Socket researchers identified a cluster of malicious packages uploaded to public repositories. Once installed, the malware injects hidden instructions into the output of AI coding assistants — tools that many developers rely on for suggestions and auto-completion. Those instructions then trick the developer into approving transactions or exposing private keys, effectively turning the AI helper into a vector for theft.

The campaign isn't subtle about its target: the packages are specifically designed to interact with crypto development environments. Socket said the malware checks for wallet software and common blockchain libraries before activating.

Why AI tools are the new target

By hijacking the AI assistant itself, TrapDoor bypasses traditional code-review safeguards. A developer sees a normal-looking suggestion, accepts it, and the assistant executes the attacker's payload. The attack doesn't require exploiting a zero-day in the AI tool — just tricking the human who trusts it.

Socket's report doesn't name which AI coding assistants were affected, but the technique works on any assistant that processes user-installed packages. The company warned that the attack could go unnoticed until funds are drained.

What developers can do now

Socket recommends auditing all dependencies installed in the past 30 days, especially packages related to wallet integration or transaction signing. They also advise disabling auto-accept suggestions from coding assistants until a full inventory is done. The company has published a list of known malicious package names on its blog.
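As an added illustration of that 30-day audit (not code from Socket's report), the script below lists recently installed packages and ranks wallet- and signing-related ones first. It assumes an npm-style `node_modules` layout, which the report summary here does not specify; the keyword list is an assumption, and `known_bad` is meant to be filled from Socket's published list.

```python
import json
import time
from pathlib import Path

# Assumed terms for "wallet integration or transaction signing"; adjust to your stack.
SENSITIVE_TERMS = ("wallet", "signer", "signing", "keystore", "mnemonic", "web3")

def package_dirs(node_modules):
    """Yield installed package directories, descending into @scope folders."""
    for entry in sorted(Path(node_modules).iterdir()):
        if not entry.is_dir() or entry.name.startswith("."):
            continue
        if entry.name.startswith("@"):
            yield from (p for p in sorted(entry.iterdir()) if p.is_dir())
        else:
            yield entry

def audit_recent(node_modules, days=30, known_bad=frozenset(), now=None):
    """List packages written to disk within `days`, riskiest first."""
    now = time.time() if now is None else now
    findings = []
    for pkg in package_dirs(node_modules):
        manifest = pkg / "package.json"
        if not manifest.is_file():
            continue
        st = manifest.stat()
        # ctime covers archives that restore an old mtime on extraction.
        age_days = (now - max(st.st_mtime, st.st_ctime)) / 86400
        if age_days > days:
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            meta = None
        if not isinstance(meta, dict):
            meta = {}  # unreadable manifest: still report the directory
        name = str(meta.get("name") or pkg.name)
        text = " ".join([name, str(meta.get("description", "")),
                         " ".join(map(str, meta.get("keywords") or []))]).lower()
        findings.append({
            "name": name,
            "version": str(meta.get("version", "?")),
            "age_days": round(age_days, 1),
            "known_bad": name in known_bad,
            "sensitive": any(term in text for term in SENSITIVE_TERMS),
        })
    # Known-bad first, then wallet/signing packages, then newest installs.
    findings.sort(key=lambda f: (not f["known_bad"], not f["sensitive"], f["age_days"]))
    return findings
```

The file timestamps only approximate install time, so treat the output as a triage list and confirm against lockfile history in version control.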

The attack underscores a growing risk: as crypto developers rely more on AI tooling, the supply chain becomes a softer target. TrapDoor is the first publicly documented campaign to weaponize AI coding assistants for crypto theft, but it won't be the last.