Crypto Chaos: Malicious PyPI Package Hijacks MEXC Trades and Tokens

The ccxt-mexc-futures package on PyPI is no joke; it’s rerouting your MEXC trades straight into a hacker’s piggy bank. This malicious package hijacks API endpoints to swipe crypto tokens and sensitive data. If you’ve downloaded it, revoke those tokens and hit delete faster than a cat meme goes viral.

Hot Take:

Forget the Bermuda Triangle; the new place where things mysteriously disappear is the PyPI repository! Cryptocurrency traders, beware: dodgy packages are lurking, and they’re coming for your tokens faster than you can say “blockchain heist.”

Key Points:

  • A malicious package on PyPI targeted MEXC cryptocurrency exchange trades, rerouting orders to a rogue server.
  • The package, named ccxt-mexc-futures, masqueraded as a legitimate extension of the popular ccxt library.
  • It was downloaded over 1,065 times before being removed and could execute arbitrary code to steal sensitive data.
  • Developers are urged to revoke compromised tokens and uninstall the package immediately.
  • The incident highlights the growing threat of counterfeit packages in software supply chains.
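To act on the uninstall-and-revoke advice, a developer first has to know where the package landed. The script below is an added example, not code from the original article or from the ccxt project. It checks the current Python environment and requirements-style text for ccxt-mexc-futures, matching the name the way PyPI does (case-insensitive, with "-", "_" and "." treated as the same). The sample requirements text and its version numbers are constructed for illustration.

```python
import re
from importlib import metadata

BAD = "ccxt-mexc-futures"  # package name reported in the article


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_hits(pairs=None):
    """Return (name, version) for installed distributions matching BAD.

    `pairs` lets a caller supply (name, version) tuples, e.g. from an
    inventory export; by default the running interpreter is inspected.
    """
    if pairs is None:
        pairs = [(d.metadata.get("Name"), d.version)
                 for d in metadata.distributions()]
    return [(n, v) for n, v in pairs if n and normalize(n) == BAD]


# Leading project name of a requirement line (stops at ==, >=, [extras], etc.)
REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def requirement_hits(text):
    """Return 1-based line numbers of requirement lines that name BAD."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ_NAME.match(line.split("#", 1)[0])  # drop trailing comments
        if m and normalize(m.group(1)) == BAD:
            hits.append(lineno)
    return hits


# Constructed sample input, not taken from a real project.
SAMPLE_REQS = """\
ccxt==4.4.0            # the legitimate library
# ccxt-mexc-futures    (commented out, ignored)
CCXT_MEXC.futures>=0   # same project once the name is normalized
requests
"""

if __name__ == "__main__":
    print("installed:", installed_hits())
    print("requirements lines:", requirement_hits(SAMPLE_REQS))
```

A hit in either place means the MEXC API tokens used from that environment should be treated as exposed and revoked, not just the package removed.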

The Nimble Nerd