©2025 Poal.co

Archive: https://archive.today/eu3hH

From the post:

>GitLab's Vulnerability Research team has identified a sophisticated cryptocurrency theft campaign targeting the Bittensor ecosystem through typosquatted Python packages on PyPI. Our investigation began when GitLab's automated package monitoring system flagged suspicious activity related to popular Bittensor packages. We discovered multiple typosquatted variations of legitimate Bittensor packages, each designed to steal cryptocurrency from unsuspecting developers and users.

(post is archived)

[–] 1 pt

It is becoming common among people who use LLMs to write Python code to fall for typosquatting schemes. If you let an LLM update your package list it will sometimes hallucinate package names that are similar to real ones.