Update software-supply-chain-attacks-crypto.md

monperrus · web-flow · commit 7fe58f61270b · 2025-08-15T09:22:15.000+02:00
diff --git a/software-supply-chain-attacks-crypto.md b/software-supply-chain-attacks-crypto.md
@@ -196,6 +196,11 @@ The threat actor embedded a covert key‑stealing payload inside the Python pack
 
 Source: <https://socket.dev/blog/monkey-patched-pypi-packages-steal-solana-private-keys>
 
+### 22.  Python crypto library bitcoinlib targeted with a fake fix
+
+The attacked Python package is bitcoinlib, a popular Python library that contains features for creating and managing Bitcoin wallets, interacting with the Bitcoin blockchain, and running Bitcoin scripts, among other things.  The malicious packages detected were named bitcoinlibdbfix and bitcoinlib-dev. Both names are apparent references to an issue raised recently related to error messages being generated by bitcoinlib during bitcoin transfers, with calls from developers for the maintainers to address that issue. 
+
+Source: <https://www.reversinglabs.com/blog/malicious-python-packages-target-popular-bitcoin-library>
 
 ## Hardware supply chain attacks
 
