Damus
Bitcoin News
@BitcoinNews

Daily News on Bitcoin and Lightning. #BitcoinNews

Recent Notes

Bitcoin News
SOFTWARE SUPPLY CHAIN NIGHTMARE: MALICIOUS LITELLM RELEASE EXFILTRATES KEYS, CLOUD CREDS, AND "STEALS MILLIONS IN CRYPTO"

A compromised version of the widely used Python package LiteLLM briefly hit PyPI, and a simple pip install litellm was enough to trigger full credential exfiltration across infected systems.

The malicious releases (v1.82.7 and v1.82.8) weaponized Python’s .pth mechanism, executing code on every interpreter startup, even without importing the package.

Impact was severe:

• SSH keys, cloud creds (AWS, GCP, Azure)
• Kubernetes configs and cluster secrets
• API keys, .env files, CI/CD secrets
• Git credentials, database passwords
• Shell history and crypto wallets

All harvested, encrypted, and exfiltrated to attacker-controlled infrastructure.

LiteLLM sees ~97M monthly downloads, and the real risk came from transitive dependencies. Any project pulling it in, like pip install dspy, was also exposed, massively expanding the blast radius.

The attack was live for under an hour but discovered only due to a bug in the malware itself. A recursive fork bomb crashed a developer’s machine, revealing the compromise. Without that flaw, it may have persisted undetected for days or weeks.

The payload operated in three stages:

• Collection: sweeping sensitive files, env vars, and cloud metadata
• Exfiltration: AES-256 + RSA encrypted archive sent outbound
• Persistence: attempted Kubernetes takeover and system-level backdoors

In K8s environments, it tried to deploy privileged pods across nodes, mount host filesystems, and establish persistent access.

The packages were uploaded directly to PyPI with no matching GitHub release, suggesting a compromised maintainer or API token. Related research ties this to a broader campaign targeting open-source infrastructure.

The GitHub issue was briefly flooded with bot spam and closed, raising further concerns about maintainer compromise during the incident.

The malicious versions have since been removed, but the damage may already be significant.

Early reports suggest real financial losses, including millions in stolen crypto according to Brian Roemmele.

4
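Added example, not part of the original note and not code from LiteLLM or PyPI: a defender-side audit for the `.pth` startup mechanism the note describes. It lists every `.pth` line that Python's `site` module would execute at interpreter startup and flags installed `litellm` metadata matching the two versions named above. The file names and the hook line inside `demo()` are constructed sample data.

```python
import re
import sysconfig
import tempfile
from pathlib import Path

# Release numbers the note names as malicious.
BAD_LITELLM = {"1.82.7", "1.82.8"}

def executable_pth_lines(text):
    """Lines of a .pth file that site.py passes to exec() at interpreter startup."""
    # site.py executes lines starting with "import" plus a space or tab;
    # all other non-comment lines are only appended to sys.path.
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]

def audit_site_dir(site_dir):
    """Return (kind, file, detail) findings for one site-packages directory."""
    site_dir = Path(site_dir)
    findings = []
    for pth in sorted(site_dir.glob("*.pth")):
        for ln in executable_pth_lines(pth.read_text(errors="replace")):
            findings.append(("pth-exec", pth.name, ln[:100]))
    for meta in sorted(site_dir.glob("litellm-*.dist-info")):
        m = re.fullmatch(r"litellm-(.+)\.dist-info", meta.name)
        if m and m.group(1) in BAD_LITELLM:
            findings.append(("bad-version", meta.name, m.group(1)))
    return findings

def demo():
    """Audit a constructed directory; the files are read as text, never executed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "paths_only.pth").write_text("# comment\n../shared/libs\n")
        (root / "demo_hook.pth").write_text(
            "import os; os.environ.setdefault('DEMO_HOOK', '1')\n")
        (root / "litellm-1.82.8.dist-info").mkdir()
        (root / "litellm-1.80.0.dist-info").mkdir()  # constructed version number
        return audit_site_dir(root)

if __name__ == "__main__":
    for kind, name, detail in demo():
        print("demo:", kind, name, detail)
    # Then the running interpreter's own site-packages directories.
    paths = sorted({sysconfig.get_paths()[k] for k in ("purelib", "platlib")})
    for path in paths:
        for kind, name, detail in audit_site_dir(path):
            print(f"{path}: {kind} {name} {detail}")
```

A `pth-exec` finding is a lead for review, not a verdict: some legitimate packages also ship `.pth` files with `import` lines, so compare each hit against the package that owns the file.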
dhalsim · 6h
What about nutshell? nostr:nprofile1qqs9pk20ctv9srrg9vr354p03v0rrgsqkpggh2u45va77zz4mu5p6ccpzemhxue69uhk2er9dchxummnw3ezumrpdejz7qgkwaehxw309a5xjum59ehx7um5wghxcctwvshszrnhwden5te0dehhxtnvdakz7qrxnfk
Bitcoin News
NEW: The FCC has added foreign-made consumer routers to its Covered List, blocking approval of new models over national security concerns.

Officials say the devices pose “unacceptable risks,” including supply chain vulnerabilities and potential cyberattacks on U.S. infrastructure.

1
Hazey · 1d
Wtf is a foreign-made consumer router? All routers are foreign made
Bitcoin News
Bitcoin just had a 2-block reorg.

Foundry wound up mining 7 blocks in a row and rewrote two of AntPool/ViaBTC's blocks out of history.

At blocks 941881–941882, Foundry and AntPool/ViaBTC were racing on competing chains simultaneously.

Foundry won and their chain became the best chain. AntPool and ViaBTC's two blocks became stale.

They are now orphaned, never to be part of the permanent ledger.

You can verify it yourself on fork.observer

Quick explainer on what a reorg actually is:

Bitcoin's rule is simple: the chain with the most cumulative work wins.

Sometimes two miners find a valid block at nearly the same time.

The network splits briefly, with some nodes following one chain and others following another.

The tie gets broken when someone mines the next block on top of one of them and the longer chain wins.

The losing blocks become "stale" and are discarded entirely.

Those miners get nothing.

A 2-block reorg means this race extended across two consecutive blocks before resolving. This is rare but not unheard of.

H/t 0xB10C

2
xissburg · 1d
Beautiful 🤌
Bitcoin News
We just got sent the Bitaxe Turbo Touch from SoloSatoshi and this thing delivers.

Setup took minutes and it's practically silent.

Hooked up to Parasite pool and we’re pushing 2+ TH/s straight from the work desk.

Big, clean touch display with block height, price, and latest blocks in real time.

Home mining keeps getting better.

1
Pepe López · 1d
🤔 seems better than bitaxe i'll check price, eu plug ...
Bitcoin News
When Donald Trump was first sworn into office in January of 2017, the national debt stood at $19.9 trillion dollars.

It is now over $39 trillion.

We are less than ten days from the ten-year anniversary of Trump's campaign promise to eliminate the national debt within eight years.
It has instead roughly doubled.

It appears Trump has also given up on his campaign promise of “No New Wars.”

We are on the verge of escalating tensions in the Middle East to levels not seen since Operation Iraqi Freedom. 

With the Pentagon requesting an additional $200 billion for operations in Iran on top of a $1.5 trillion defense budget, the fiscal floodgates are being thrown wide open. 

Maybe even more alarming than the debt total itself is the new cost of carrying it. 

Net interest on the national debt is projected to exceed one trillion dollars in fiscal year 2026. 

That's nearly triple the $345 billion we paid in 2020 prior to COVID.

Over the next thirty years, the government is projected to spend nearly one hundred trillion dollars on interest alone.

And of course nothing balloons the debt and creates new money like war. 

In WWI, US money supply went up 117%. In WWII, up 200%.

The avalanche is coming as nine in ten Americans now say this debt is directly driving up their cost of living. 

And while gold stole the show in 2025, since the outbreak of the Iran conflict, the market has made a choice. Gold is down 16%; Bitcoin is up 11%.

People fleeing the Middle East are liquidating their gold as it's too heavy and too hard to move. 

Instead they're buying Bitcoin.

The debt was already exploding. Now we have a conflict on the precipice of erupting into a much larger war. 

Bitcoin's resilience tells you everything about what this asset is and what it's becoming.

You might want to get some, before it catches on.
1
mar · 2d
Who cares about the debt. It's not meant to be paid back. Trump has been obliterating the deep state. https://media.letsfo.com/images/2026/03/21/i-stand-with-trump.webp
Bitcoin News
The Skull of Satoshi is such an epic piece of Bitcoin lore.

It caused the entire community to rally against the environmental FUD spreaders and adopt the symbol as our own.

Dabby · 3d
What's a couple trillion between friends
Bitcoin News
NEW: Analyst Alessio Rastani says Bitcoin’s recent rebound lacks the strength to confirm a sustained uptrend, warning that another drop, potentially below $60,000, remains likely before a true bottom forms. 😱

3❤️2
freeborn | ἐλεύθερος | 8r0gwg · 3d
...what the what...
magnum · 3d
Finally some solid advice about the bitcoin price.
Toby McMann · 3d
Why worry?
Bitcoin News
NEW: Kentucky House Bill 380 (HB380), Section 33, requires hardware wallet providers to “provide a mechanism and assist any person” in resetting wallet access credentials—a mandate that is de-facto unenforceable for non-custodial wallets.