On 17 March 2026, bittensor-wallet 4.0.2 was identified as a compromised PyPI package. The malicious release was uploaded on 15 March 2026 and was live for roughly 48 hours before it was yanked at around 12:06 UTC on 17 March. The backdoor has direct access to private key material and is compiled into the Rust-backed Python library rather than being a separate file.
It exfiltrates decrypted key data via three independent channels—normal HTTPS, DNS tunnelling, and a DNS-based domain generation algorithm—with multiple C2 layers (including three fixed domains: finney.opentensor-metrics[.]com, finney.metagraph-stats[.]com and finney.subtensor-telemetry[.]com). Defenders are advised to downgrade to 4.0.1, rotate all wallet keys, and block the related C2 domains and DNS patterns.
The incident was analysed using StepSecurity Harden Runner, which captured every C2 connection, and the disclosure provides a step-by-step breakdown of how the backdoor operates from decryption to exfiltration.
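A triage check for the advice above, as an added example that is not part of the disclosure or of any project tooling: it flags pins of 4.0.2 in requirements or lock file lines, checks the active environment, and matches DNS query names against the three fixed domains. The function names and sample data are hypothetical, treating subdomains of the listed hosts as hits is an assumption, and the DNS tunnelling and DGA patterns are not covered because the text above does not specify them.

```python
import re
from importlib import metadata

# Package, version and domains come from the advisory text; domains are stored defanged.
BAD_PACKAGE, BAD_VERSION = "bittensor-wallet", "4.0.2"
C2_DOMAINS = [d.replace("[.]", ".") for d in (
    "finney.opentensor-metrics[.]com",
    "finney.metagraph-stats[.]com",
    "finney.subtensor-telemetry[.]com",
)]

def normalize(name):
    """PEP 503 name normalization, so Bittensor_Wallet matches bittensor-wallet."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pinned_bad_release(requirement_lines):
    """Return requirements/lock file lines that pin the compromised release."""
    hits = []
    for line in requirement_lines:
        spec = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
        m = re.match(r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*([^\s,\\]+)", spec)
        if m and normalize(m.group(1)) == BAD_PACKAGE and m.group(2) == BAD_VERSION:
            hits.append(line.strip())
    return hits

def installed_bad_release():
    """True if the active environment has the compromised version installed."""
    try:
        return metadata.version(BAD_PACKAGE) == BAD_VERSION
    except metadata.PackageNotFoundError:
        return False

def c2_queries(queried_names):
    """Return queried DNS names equal to, or under, one of the fixed C2 domains."""
    hits = []
    for name in queried_names:
        q = name.strip().rstrip(".").lower()  # tolerate trailing root dot and case
        if any(q == d or q.endswith("." + d) for d in C2_DOMAINS):
            hits.append(q)
    return hits

# Constructed sample input (not taken from the incident).
SAMPLE_REQS = ["requests==2.32.3", "Bittensor_Wallet==4.0.2  # pinned", "bittensor-wallet==4.0.1"]
SAMPLE_DNS = ["pypi.org.", "finney.opentensor-metrics.com", "a1b2.finney.metagraph-stats.com.",
              "notfinney.subtensor-telemetry.com"]

if __name__ == "__main__":
    print(pinned_bad_release(SAMPLE_REQS), installed_bad_release(), c2_queries(SAMPLE_DNS))
```

A hit from any of the three checks means the host should be treated as exposed: downgrade to 4.0.1 and rotate the wallet keys that environment could read.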