SlowMist CISO: LiteLLM Targeted in PyPI Supply Chain Attack, Sensitive Information such as Cryptocurrency Wallets and Cloud Credentials at Risk of Leakage

2 hours ago

**Alert: LiteLLM PyPI Supply Chain Attack Confirmed** On March 25, SlowMist’s Chief Information Security Officer (CISO) 23pds reported that **LiteLLM**—a Python AI gateway library with 97M+ monthly downloads—has been targeted in a PyPI supply chain attack. Running the `pip install litellm` command allows attackers to exfiltrate sensitive data from users’ devices, including: - SSH keys - Cloud service credentials (AWS/GCP/Azure) - Kubernetes configuration files - Git credentials - API keys stored in environment variables - Shell history - Cryptocurrency wallet information - Database passwords This is a critical supply chain risk for users relying on the library.

Add to Favorites Download image Share x Copy link

Relevant content

Source: Source: Tether to Undergo First Full Financial Audit or for Fundraising Needs

March 25th — Bloomberg reported Wednesday that Tether Holdings SA, the issuer of the stablecoin Tether, has paused a $20 billion financing plan. The firm is awaiting results from its first full financial audit and could restart fundraising once the audit wraps up. During the fundraising process, potential investors and bankers have pushed Tether to boost financial transparency, though some prospective backers remain willing to support the company before the audit results are released. Tether has already hired an accounting firm to conduct the audit.

1 seconds ago

The top Bitcoin whale on Hyperliquid is shorting BTC while longing crude oil.

On-chain analyst Ai Auntie (@ai_9684xtpa) reported on March 25th that the address 0x94d…33814 opened a combined BTC short and Brent crude long position overnight, with a total notional value of $89.79 million—securing the top BTC position on Hyperliquid. The position breaks down as: - 1,000 BTC in a 40x short (valued at $70.65 million, entry price $69,614) - 202,000 barrels of Brent crude in a 20x long (valued at $19.16 million, entry price $98.32)

1 seconds ago

Circle plunges over 20% in a day, two whales simultaneously buy the dip in the millions to accumulate CRCL

March 25th — Per monitoring from Hyperinsight, U.S. stock crypto-related concept stocks posted a collective decline, with Circle (CRCL) dropping 20.1%. On Hyperliquid, the contract price for this asset currently stands at $102.7. Amid the sharp sell-off, two on-chain whales (0xcee) and (0x51b) simultaneously bottom-fished early this morning. Each opened long positions of roughly $1 million in CRCL, with average entry prices of $106 and $103 respectively. Their liquidation price is set at $95.8 — the closest level to the recent market price.

1 seconds ago

A certain newly created address has deposited 2 million USDC to short 5x on crude oil

March 25th: A newly created wallet deposited 2 million USDC into HyperLiquid and opened a 5x leveraged CL short position, per Onchain Lens monitoring.

1 seconds ago

Despite Bear Market Conditions, Bitcoin CEX Balance Hits Nearly Two-Year Low

**March 25th — Per Coinglass data, Bitcoin accumulation by Strategy and On-Chain Whales has accelerated sharply in recent days.** **Centralized exchange (CEX) wallet balances for Bitcoin have dropped to a nearly two-year low of 2.4633 million BTC.** **Key outflow metrics: - 24-hour net outflow from CEXs: 8,323.72 BTC - 30-day net outflow: 32,190.17 BTC**

1 seconds ago

US Media: Iran Tells US It Doesn't Want to Negotiate with Trump's Son-in-Law, Prefers Talks with Pence

March 25 (CNN) — Iran has informed the U.S. it is not interested in peace talks with Trump team envoys Witkoff and Kushner, preferring instead to negotiate with JD Vance. Witkoff and Kushner, diplomatic representatives from the Trump team with real estate development backgrounds, pushed for isolating Iran via the Abraham Accords. Vance’s experience deployed in Iraq and anti-war stance, meanwhile, have made him more credible to Iran.

1 seconds ago

Hot feeds

A trader profits $448K by monitoring #Binance's new listings!