{
  "title": "semantic-types PyPI Solana Keypair Monkey Patch",
  "summary": "Socket reported that semantic-types became malicious in versions 0.1.5 and 0.1.6, and that five Solana-themed PyPI packages pulled it in transitively. The payload monkey-patched the solders.keypair.Keypair constructors, encrypted Solana private keys with an RSA-2048 public key, and exfiltrated the ciphertext through SPL memo transactions on Solana Devnet.",
  "date": "2025-01-26",
  "severity": "high",
  "tags": [
    "pypi",
    "supply-chain",
    "solana",
    "cryptocurrency",
    "monkey-patching"
  ],
  "sources_count": 1,
  "indicators": {
    "slug": "semantic-types-pypi-solana-monkey-patch",
    "since": "2025-01-26T00:00:00Z",
    "until": "2025-05-29T23:59:59Z",
    "ecosystem": "pypi",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [
      "0.1.5",
      "0.1.6",
      "semantic-types==0.1.5",
      "semantic-types==0.1.6",
      "solana-keypair",
      "solana-publickey",
      "solana-mev-agent-py",
      "solana-trading-bot",
      "soltrade"
    ],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "api.devnet.solana.com",
      "solders.keypair.Keypair"
    ],
    "urls": [
      "https://api.devnet.solana.com"
    ],
    "ips": [],
    "hashes": [
      "5a4d8480c9d1e82ba102f200258882fb9e694e8fc0343b6982c5540beccdca62"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}