Buy Crypto- Markets
Futures- Spot
- Copy Trade
- Earn
- More
litellm encountered a PyPI supply chain attack, allowing the theft of all sensitive credentials such as SSH keys with a simple installation
By: rootdata|2026/03/25 08:42:00
0
Share
Andrej Karpathy posted on the X platform that litellm has encountered a PyPI supply chain attack, where executing pip install litellm can steal SSH keys, AWS/GCP/Azure credentials, Kubernetes configurations, git credentials, environment variables, encrypted wallets, SSL private keys, CI/CD keys, and database passwords.
litellm has a monthly download volume of 97 million, and the risk can spread to all projects that depend on litellm, such as dspy. The version with the malicious code was online for less than about 1 hour, and it was discovered due to a flaw in the attack code that caused Callum McMahon's machine to run out of memory and crash. Andrej Karpathy stated that supply chain attacks are the most threatening issue in modern software, as each installation of dependencies can introduce tampered packages deep within the dependency tree, leading him to increasingly prefer reducing dependencies and using LLM to directly implement simple functions.
You may also like
Morning News | Invesco acquires a $900 million on-chain fund from Superstate; ParaFi has raised $125 million for its new fund; Solana Foundation launches developer platform SDP
Overview of Important Market Events on March 24
What is the background of this new fund that the two major prediction market platforms have rarely joined forces to create?
When Klashi's early employees went out to raise funds, the two CEOs chose to appear together on the list of investors.
SIREN, another leveraged scam
What kind of experience can we gain from these similar situations?
Token has become extremely popular, and the blockchain is very sad
When AI's tokens become the new "digital oil," blockchain can only watch its once-dreamed dreams materialize in a completely unfamiliar way. This misaligned popularization is a victory for AI, but also the deepest helplessness for blockchain.
Tether's major shareholder invests £12 million to support the "British version of Trump" in the cryptocurrency sector
In the United States, the story of the cryptocurrency industry pouring money to support Trump and reclaiming regulatory dominance has come to an end. In the United Kingdom, the same script is being replayed.
Huang Renxun's Latest Podcast: Will NVIDIA Reach $1 Trillion? Will the Number of Programmers Increase Instead of Decrease? How to Deal with AI Anxiety?
Hashpower will determine everything; human work will only be restructured, not disappear
Besides Resolv Hack, This DeFi Vulnerability Type Has Occurred Four Times
17 minutes, 100k turned into 25M.
Trump Cries Peace, $1.5 Billion Dash | Rewire News Evening Brief
In the first 15 minutes of trading, $1.5 billion in futures trades have already taken place
From x402 to MPP: Cloudflare's crucial vote, will it go to Coinbase or Stripe?
Cloudflare is both building walls and opening windows. It provides both blocking tools and paid access tools. They decide what is kept out, what is allowed in, and under what conditions it can enter.
BlackRock CEO issues annual open letter: The wave of tokenization has arrived, and we will lead this trend
Rebuild capitalism that belongs to everyone.
When Backpack backstabs the community
Once a fundamental rift in trust appears, the cost that Backpack must pay to repair it is likely far more expensive than the profits previously "harvested" through service fees.
When gold is no longer a safe haven, and Bitcoin continues to panic
The whole world is waiting for the Strait of Hormuz to reopen. Why not guess which type of asset will return to pre-war levels first?
Trump, the World's Largest Oil Trader
No matter the outcome, he will not lose money.
If the US and Iran have not reached an agreement in 5 days, what other cards does Trump have?
A $100 Brent implies an approximate 30-40% "strike probability".
Tether Whale Dumps £12 Million, Backing Crypto’s ‘British Trump’
In the US, the crypto industry's big-money push to back Trump and reclaim regulatory control has already played out. In the UK, the same script is unfolding once again.
Ethereum Foundation Post: Rethinking the Division of Work Between L1 and L2 to Build the Ultimate Ethereum Ecosystem
Five years in the making, the Ethereum Foundation has updated the L1 and L2 ecosystem positioning and overarching guidance.
Two Major Prediction Market Platforms Unite Rarely, What Is the Story Behind This New Fund?
When Klashi's early employees went out to raise funds, the two CEOs chose to appear together on the investor list.
Dragonfly Partners: Most agents will not engage in autonomous trading, how can crypto payments prevail?
Although the scale of the agent economy will be very large, the proportion of agents actually conducting transactions will not be that high.
Morning News | Invesco acquires a $900 million on-chain fund from Superstate; ParaFi has raised $125 million for its new fund; Solana Foundation launches developer platform SDP
Overview of Important Market Events on March 24
What is the background of this new fund that the two major prediction market platforms have rarely joined forces to create?
When Klashi's early employees went out to raise funds, the two CEOs chose to appear together on the list of investors.
SIREN, another leveraged scam
What kind of experience can we gain from these similar situations?
Token has become extremely popular, and the blockchain is very sad
When AI's tokens become the new "digital oil," blockchain can only watch its once-dreamed dreams materialize in a completely unfamiliar way. This misaligned popularization is a victory for AI, but also the deepest helplessness for blockchain.
Tether's major shareholder invests £12 million to support the "British version of Trump" in the cryptocurrency sector
In the United States, the story of the cryptocurrency industry pouring money to support Trump and reclaiming regulatory dominance has come to an end. In the United Kingdom, the same script is being replayed.
Huang Renxun's Latest Podcast: Will NVIDIA Reach $1 Trillion? Will the Number of Programmers Increase Instead of Decrease? How to Deal with AI Anxiety?
Hashpower will determine everything; human work will only be restructured, not disappear
App