VDB
KO

MAL-2026-3411

Malicious code in web3-py-checksum (PyPI)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: kam193 (4b2052172f5c854b2e91f6bdc9336a97469cd161372621a1880d9cd1e3ad426a) The code silently exfiltrates the private key of a crypto account.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-05-old-web3-py-checksum

Reasons (based on the campaign):

- crypto-related

- exfiltration-crypto

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / web3-py-checksum

No fixed version published yet for web3-py-checksum (pip). Pin to a known-safe version or switch to an alternative.

References