GitLab Uncovers Theft Campaign Targeting Bittensor Tokens via PyPI Repository
GitLab has uncovered a cyberattack using the PyPI package repository to steal Bittensor tokens, showcasing the importance of securing software supply chains. Learn more in our breakdown of the threat and GitLab's response.
GitLab Exposes Bittensor Token Theft Scheme via PyPI
In a significant security revelation, GitLab has uncovered a targeted cyberattack exploiting the popular PyPI package repository to infiltrate systems and steal Bittensor ($TAO) tokens. The attack was first detected by GitLab’s Threat Intelligence team, underscoring the critical role GitLab’s monitoring capabilities play in securing the software supply chain.
Threat actors uploaded malicious Python packages to PyPI, embedding functions designed to hijack SSH keys, extract cryptocurrency wallet data, and manipulate clipboard content. These packages were disguised as legitimate tools, which is typical of today’s increasingly sophisticated software supply chain attacks.
The primary goal was to compromise machines with access to Bittensor wallets and exfiltrate $TAO through surreptitious transfers. Bittensor, a decentralised machine learning network, has gained significant value recently, making it a lucrative target for attackers.
GitLab’s timely discovery and detailed investigation have not only highlighted the threat but also ensured proactive removal of the compromised packages from PyPI and notification to affected users.
This event again demonstrates the importance of secure DevSecOps pipelines and constant vigilance across dependencies and open-source ecosystems. As GitLab continues to support developers and enterprises in strengthening their cyber resilience, organisations are advised to scan their environments and adopt secure package policies.
Need help reinforcing your software supply chain? IDEA GitLab Solutions offers expert GitLab consulting, licensing and implementation services throughout Czech Republic, Slovakia, Croatia, Serbia, Slovenia, Macedonia, the United Kingdom—and globally via our remote teams in Israel, South Africa, and Paraguay. Contact us to safeguard your development lifecycle today.