BIPClip Campaign Steals BIP39 Mnemonic Phrases
Researchers have uncovered a new malicious campaign involving seven different open-source packages across 19 versions on the Python Package Index PyPI) with the earliest dating back to December 2022. The campaign dubbed BIPClip aims to steal mnemonic phrases used for recovering crypto wallets highlighting the ongoing targeting of cryptocurrency in supply chain attacks. This campaign demonstrates the lengths to which threat actors go to disguise their malicious activities utilizing tactics like malicious file dependencies and name squatting. Targets include developers involved in cryptocurrency wallet generation and security particularly those implementing Bitcoin Improvement Proposal 39 (BIP39) which simplifies wallet seed generation using mnemonic phrases for easier recall.