BlockBeats News, March 25 — According to 23pds, Chief Information Security Officer of SlowFog Technology, the Python AI gateway library LiteLLM, which has a monthly download volume of up to 97 million, was targeted in a supply chain attack on PyPI. The attacker could steal sensitive information on users’ devices by executing the command pip install litellm. The sensitive data that can be stolen includes SSH keys, cloud service credentials (AWS / GCP / Azure), Kubernetes configuration files, Git credentials, API keys in environment variables, shell history, cryptocurrency wallet information, and database passwords.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Aave Faces a Major Trust Crisis: Service Providers Exit En Masse, with “Technology, Governance, and Risk Control” Fully Failing
Author: Jae, PANews
Compared with the external pressure of a bear market, Aave has instead seen a “black swan” emerge internally first.
Aave, which has long occupied the throne of lending agreements, is now facing the most severe ecosystem shake-up since its founding. There has been no hacker attack, no code vulnerabilities—only power gone out of control and conflicting interests.
From BGD Labs, a technical cornerstone, decisively leaving, to a public break between governance pioneer ACI (Aave Chan Initiative), and then to Chaos Labs, the risk-management steward, announcing that it is parting ways— a major “service provider retreat” is unfolding.
The depth of this game goes far beyond a mere cooperation dispute; it has triggered
区块客24m ago
Polkadot Undergoes Bridge Exploit, Attacker Mints 1B $DOT on Ethereum
Polkadot faced a major security breach where an attacker minted 1B $DOT coins on Ethereum via a 3rd-party bridge, draining over $240,000 in $ETH. This incident highlights ongoing vulnerabilities in cross-chain infrastructure and its impact on market stability.
BlockChainReporter1h ago
Circle CEO: Due to the “moral dilemma,” the Drift hacker incident, which was not frozen, resulted in the theft of USDC
Circle CEO Jeremy Allaire addressed criticism at a news conference regarding the previously unfrozen stolen USDC, emphasizing that the company will only freeze wallets under law enforcement instructions. In addition, he said Circle is in communication with U.S. lawmakers, hoping to establish a “safe harbor” mechanism for stablecoin issuers.
GateNews1h ago
A woman in Hong Kong in her 50s was scammed through online romance, losing more than 2 million yuan; the scammer claimed to be a cryptocurrency investment expert.
Hong Kong police have disclosed a cryptocurrency investment scam in which a woman was tricked on Instagram, losing more than 2 million yuan. The fraudster posed as an investment expert, luring her into making transfers and exchanging cash multiple times. Police remind people to be more vigilant when making online friends and to watch out for transfer scams.
GateNews3h ago
Instagram crypto-romance scam: “investment experts” defrauded a woman in her fifty-something from NT$2 million (200萬)
Hong Kong police have recently disclosed an online dating scam in which the losses exceeded HK$2 million. The fraudster initiated contact on Instagram, built trust, and then lured the victim in the name of “cryptocurrency investment,” prompting them to exchange in seven installments for USDT and transfer the funds. Police reminded residents to recognize the hallmarks of scams and advised using anti-fraud tools, urging vigilance when engaging in online dating that involves any fund transfers.
MarketWhisper7h ago
Justin Sun Criticizes WLFI Token Over Transparency Concerns
Justin Sun has exposed that the World Liberty Finance project has backdoor functions in its smart contracts, allowing asset confiscation without notice. This violates decentralization principles, harming investor rights and undermining trust in the blockchain community.
BlockChainReporter7h ago
