Hackers sneak crypto wallet-stealing code into a popular AI tool that runs every time

A poisoned release of LiteLLM turned a routine Python install into a crypto-aware secret stealer that searched for wallets, Solana validator material, and cloud credentials every time Python started. On Mar. 24, between 10:39 UTC and 16:00 UTC, an attacker who had gained access to a maintainer account published two malicious versions of LiteLLM to PyPI: 1.82.7 and 1.82.8. LiteLLM markets itself as a unified interface…