ᛤ ₿iasΞd ᛤ

5.3K posts


@CryptoBiased

₿iased on Crypto. Investor & Ξntrepreneur.

Austin, TX Joined May 2009
2K Following 1.5K Followers
ᛤ ₿iasΞd ᛤ retweeted
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

1.3K
5.4K
28.1K
66M
ᛤ ₿iasΞd ᛤ retweeted
Kanika@KanikaBK·
🚨BREAKING - Software Horror: LiteLLM HAS BEEN COMPROMISED. IF YOU INSTALLED IT TODAY YOUR SSH KEYS, AWS CREDENTIALS, AND API KEYS ARE ALREADY GONE. One pip install. Everything stolen. Here is what happened and why every developer needs to stop what they are doing right now.

At 10:52 UTC on March 24 2026, litellm version 1.82.8 was published to PyPI containing a malicious file called litellm_init.pth. It executes automatically on every single Python process startup the moment litellm is installed. No interaction required. No warning. No visible sign anything went wrong.

The attack was discovered by Callum McMahon at FutureSearch only because the malware contained a bug. It triggered an exponential fork bomb that crashed his machine while an MCP plugin inside Cursor pulled in litellm as a transitive dependency. If the attacker had written cleaner code this would have run silently for days or weeks across millions of machines. Version 1.82.7 has since been confirmed compromised as well.

↳ 97 million downloads per month making this one of the most installed Python packages in AI development
↳ Credentials stolen include SSH keys, AWS, GCP and Azure credentials, Kubernetes configs, API keys, database passwords, shell history, crypto wallets, SSL private keys, and CI/CD secrets
↳ Data encrypted with a 4096 bit RSA key and exfiltrated to a fake litellm domain
↳ If Kubernetes is present the malware reads all cluster secrets and creates a privileged backdoor pod on every node
↳ Persistence installed at the system level via a hidden sysmon service
↳ Any project depending on litellm is also compromised including dspy and dozens of other major AI libraries

Here is the part that should change how you think about every pip install you ever run again. This was not a litellm vulnerability. This was a supply chain attack. The malware never touched the litellm GitHub repo. It was uploaded directly to PyPI bypassing the normal release process entirely. That means every security review, every code audit, every pull request approval in the litellm project meant nothing. The attack lived one level below where anyone was looking. And because litellm sits inside the dependency tree of dozens of major AI projects, millions of developers who never typed pip install litellm in their lives were exposed anyway. You did not have to do anything wrong. You just had to use a tool that used a tool that was compromised.

Discovered and reported by Callum McMahon at FutureSearch on March 24 2026. Reported to PyPI security and litellm maintainers. Community tracking at litellm issue 24512. Full technical breakdown: futuresearch.ai/blog/litellm-p…

If you installed or upgraded litellm today do this right now:

↳ Run pip show litellm and check for version 1.82.8 or 1.82.7
↳ Search for litellm_init.pth in your uv cache and virtual environments
↳ Check for a hidden sysmon.py file at ~/.config/sysmon/
↳ Rotate every credential on that machine. Assume all of them are already gone.
↳ If you run Kubernetes audit kube-system for pods named node-setup

Here is the question every developer and engineering lead needs to answer today. If a single compromised package sitting three levels deep in your dependency tree can silently exfiltrate every credential on every machine in your organization, how many of your current dependencies have you actually read? Share this now. Someone on your team installed litellm today and does not know yet.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

30
196
615
199.2K
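The local checks listed in the post above (affected versions, the `litellm_init.pth` file, the `sysmon.py` file), as an added example that is not part of any of the posts. It also flags any `.pth` file containing a line that starts with `import`, since Python's `site` module executes such lines at interpreter startup; the function names `scan` and `demo` are hypothetical, and the sample tree is constructed and inert.

```python
import re
import sys
import tempfile
from pathlib import Path

BAD_VERSIONS = {"1.82.7", "1.82.8"}         # versions named in the posts above
BAD_PTH = "litellm_init.pth"                # file name named in the posts above
SYSMON = Path(".config/sysmon/sysmon.py")   # relative to the home directory

def scan(roots, home):
    """Walk each root (venv, cache, site-packages); return sorted (kind, path)."""
    findings = set()
    for root in map(Path, roots):
        if not root.is_dir():
            continue
        for pth in root.rglob("*.pth"):
            if pth.name == BAD_PTH:
                findings.add(("named-indicator", str(pth)))
            # site.py executes every .pth line that begins with "import"
            text = pth.read_text(errors="replace")
            if any(re.match(r"import[ \t]", ln) for ln in text.splitlines()):
                findings.add(("executable-pth", str(pth)))
        for meta in root.rglob("litellm-*.dist-info"):
            version = meta.name[len("litellm-"):-len(".dist-info")]
            if version in BAD_VERSIONS:
                findings.add(("bad-version", str(meta)))
    if (Path(home) / SYSMON).is_file():
        findings.add(("persistence-file", str(Path(home) / SYSMON)))
    return sorted(findings)

def demo():
    """Scan a constructed tree that mimics an affected install."""
    with tempfile.TemporaryDirectory() as tmp:
        sp = Path(tmp, "venv/lib/site-packages")
        sp.mkdir(parents=True)
        (sp / "litellm-1.82.8.dist-info").mkdir()
        (sp / BAD_PTH).write_text("import base64  # constructed, inert\n")
        (sp / "plain.pth").write_text("/opt/extra/libs\n")  # path-only: benign
        home = Path(tmp, "home")
        (home / SYSMON.parent).mkdir(parents=True)
        (home / SYSMON).write_text("# constructed placeholder\n")
        return [kind for kind, _ in scan([sp], home)]

if __name__ == "__main__":
    # Pass venv or cache directories as arguments; defaults to sys.path.
    for kind, path in scan(sys.argv[1:] or sys.path, Path.home()):
        print(kind, path)
```

An `executable-pth` hit on its own is not proof of compromise, because some legitimate packages ship `.pth` files with import lines; treat it as a file to read, not a verdict.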
ᛤ ₿iasΞd ᛤ retweeted
Crypto94 - Owner of Infinity Gainz@CryptoExpert101·
Not a single tracked KOL in yet. Early⬇️ @Polysint1 time to get the poly tag i have an idea. Enable DMs 3hUhMMv682kqrgUHLEKwhu9Za3JvoMCWGc68nsnApump @Kdotcheta @0xCeka @Bullrun_Gravano @mr_pschmitt
Crypto94 - Owner of Infinity Gainz@CryptoExpert101

Andrew Cronje followed account interested in @Polysint1 Proof; x.com/kdotcheta/stat… See his BIO, part of @nansen_ai terminal which is the #1 analytics platform in crypto @Polysint1 also got the attention of Big boys @Bullrun_Gravano / @mr_pschmitt and others.. 100% working tech. Imma contact some Polymarket accounts also since they already applied to @PolymarketBuild Runner confirmed✅ 3hUhMMv682kqrgUHLEKwhu9Za3JvoMCWGc68nsnApump 🐦 x.com/Polysint1 🌍 polysint.trade 🔍 polysint.trade @SpiderCrypto0x @CryptoMagellan @EricCryptoman @Overdose_AI @ElonTrades @King_Memento @SmokezXBT

2
2
7
1.4K
ᛤ ₿iasΞd ᛤ retweeted
Crypto94 - Owner of Infinity Gainz@CryptoExpert101·
Promise kept✅ Jupiter Verification & Mobyscreener next. If you’re not aware, when you pay the DEX for MOBY, the Official Moby X account tweets your project and Ca… 📈 Time to make the $Lepe cult X community into one of the largest ever. Next target 200 members 3QsVBTqry3d2iqyttSWpy2H8jsKweHUoCNcesypzpump
6
13
31
1.4K
ᛤ ₿iasΞd ᛤ retweeted
Crypto94 - Owner of Infinity Gainz@CryptoExpert101·
Dev’s last project was solanum which hit 1.5m mcap. Whales aping $moltpad Tech works. Still in. How is this 31k ? 4FNPVWgVBF4Dj7ggvY9NwoaDx8fxviTrJWxpyjwYpump 🐦 x.com/i/communities/… 🌍 moltpadlaunch.fun 🔍
Whale Watch by Moby@whalewatchalert

Whale Buy Activity for $MoltPad Last 5 Whale and KOL buys detected: - @Latuche95 — $0.67K (2 hours ago) - PUNCH — $0.41K (7 hours ago) - @bandeez — $0.82K (7 hours ago) - PUNCH — $0.41K (8 hours ago) - @SmokezXBT — $0.83K (8 hours ago) Track live whale buys and smart money holders on Moby Mobile.

2
4
8
983
ᛤ ₿iasΞd ᛤ retweeted
SD@capitalist_sd·
Aped $MoltPad as MidTerm Hold Bag. From now, Molt Agents has a LaunchPad to launch their tokens and have their own business with their tokenomics as a back-up to run the business. The Crypto for Molt Agents through $MoltPad . Anyone can invite their Claw Agent into MoltPad to join at moltpadlaunch.fun If all legit (I believe so, as the Dev's previous project did 1.5Mil MC)- $MoltPad should be few Millions for its value Preposition to Claw Agents. DYOR! 4FNPVWgVBF4Dj7ggvY9NwoaDx8fxviTrJWxpyjwYpump
fomo.exe@fomo_exe

Send this to your Claw agent to join moltpadlaunch.fun moltpadlaunch.fun/skill.md

3
11
30
7.9K
ᛤ ₿iasΞd ᛤ retweeted
Crypto94 - Owner of Infinity Gainz@CryptoExpert101·
What are you guys doing? Ape 10-20 sol minimum Hold 1-2% of supply Volume 220k 4FNPVWgVBF4Dj7ggvY9NwoaDx8fxviTrJWxpyjwYpump Dev’s previous hit 1.5m mcap ( solanum ) 100% working tech!
fomo.exe@fomo_exe

Okay, MoltPad community! Here’s a quick update: We’re currently coding a new feature where every ClawAgent will receive a 0.03 SOL starter balance, funded directly from creator fees. Will be live shortly! moltpadlaunch.fun

3
8
29
1.7K
ᛤ ₿iasΞd ᛤ retweeted
Ratchet@Ratchet_Sol·
Know what you hold… again for you Tekk works ✅ Dev is here and work ✅ Dex boost on ⚡️ Narrative is fire 🔥 chart looks ready to fly 🚀 Trenches are slow, we are early thats all $MOLTPAD 4FNPVWgVBF4Dj7ggvY9NwoaDx8fxviTrJWxpyjwYpump
fomo.exe@fomo_exe

Okay, MoltPad community! Here’s a quick update: We’re currently coding a new feature where every ClawAgent will receive a 0.03 SOL starter balance, funded directly from creator fees. Will be live shortly! moltpadlaunch.fun

1
3
12
1.3K
ᛤ ₿iasΞd ᛤ retweeted
Crypto94 - Owner of Infinity Gainz@CryptoExpert101·
This has to crime it just as to 4FNPVWgVBF4Dj7ggvY9NwoaDx8fxviTrJWxpyjwYpump
SD@capitalist_sd

Aped $MoltPad as MidTerm Hold Bag. From now, Molt Agents has a LaunchPad to launch their tokens and have their own business with their tokenomics as a back-up to run the business. The Crypto for Molt Agents through $MoltPad . Anyone can invite their Claw Agent into MoltPad to join at moltpadlaunch.fun If all legit (I believe so, as the Dev's previous project did 1.5Mil MC)- $MoltPad should be few Millions for its value Preposition to Claw Agents. DYOR! 4FNPVWgVBF4Dj7ggvY9NwoaDx8fxviTrJWxpyjwYpump

2
1
7
869
ᛤ ₿iasΞd ᛤ retweeted
Crypto94 - Owner of Infinity Gainz@CryptoExpert101·
I need you guys to read this at least 2 to 3 times because most of you have the attention span of a fish🐟 Fyi; dev of $moltpad is the SAME dev as Solanum which hit 1.5m ( read this twice) 💎 Proof⬇️⬇️ 🧑‍💻 HBCe...TRYv   ↳ 💊 Rewards: 157 SOL 🔄 Recent Launches [15] 11m MOLTPAD @ 21K ⇨ 49K [10m] 🚀 Top Launches 11m MOLTPAD @ 22K ⇨ 49K [10m] 38d SOLANUM @ 15K ⇨ 1.5M [32d]
Crypto94 - Owner of Infinity Gainz@CryptoExpert101

U guys think this can crime to 500k+ ? Plausible👏 4FNPVWgVBF4Dj7ggvY9NwoaDx8fxviTrJWxpyjwYpump Fyi; dev of $moltpad is the SAME dev as Solanum which hit 1.5m ( read this twice) 💎 Proof⬇️⬇️ 🧑‍💻 HBCe...TRYv   ↳ 💊 Rewards: 157 SOL 🔄 Recent Launches [15] 11m MOLTPAD @ 21K ⇨ 49K [10m] 🚀 Top Launches 11m MOLTPAD @ 22K ⇨ 49K [10m] 38d SOLANUM @ 15K ⇨ 1.5M [32d]

3
3
7
980
ᛤ ₿iasΞd ᛤ retweeted
fomo.exe@fomo_exe·
MoltPad isn't a pump.fun fork. It's a full launchpad built for AI agents — with its own configurable fee structure, bonding curve presets, and cashback rewards. Claw Agents register, get their own Solana wallet, and launch real tokens autonomously. Configurable migration targets, dev buys, creator locks all from a single API call. Your agent reads the skill file. It signs up. It launches. curl -s moltpadlaunch.fun/skill.md
3
11
26
2.4K
ᛤ ₿iasΞd ᛤ retweeted
Moltic@molticbackup·
If this was your agent, what problem is he trying to solve today?🦞
9
8
50
2.8K
ᛤ ₿iasΞd ᛤ retweeted
Peter Steinberger 🦞@steipete·
Folks, I'm looking for @openclaw maintainers. If you love open source, have experience with running larger projects, are security minded and want to help, drop me an email. github.com/openclaw/openc…
351
481
6.3K
439K