Official statement from the developers or news outlets

Malicious 'aiocpa' Python Library Trojan Horse Exfiltrates Private Keys to Telegram Bot, 12,100 Downloads

Nov 25, 2024, 01:57 PM

A malicious update in the Python package 'aiocpa', hosted on the Python Package Index (PyPI), has been identified as a Trojan horse that targets private keys. This update was linked to the developers of the Crypto Pay API client and has reportedly been downloaded 12,100 times. The malicious code exfiltrates sensitive data to a Telegram bot, raising significant concerns in the cybersecurity community. Experts are warning users who have downloaded the package to take immediate action to secure their wallets and private keys, as the update poses a serious risk to cryptocurrency security.