Security

Risk warning on SDK supply chain attack

2024-12-19 15:461527

The Bitget security team has identified that hackers have recently uploaded malicious Python packages containing the word "Bitget" to the PyPI repository. If users install these malicious packages, their systems may be compromised, and funds could be stolen. To mitigate this risk, ensure that you only download SDK packages from official channels.

The following malicious package names have been reported:

- python-bitget-api

- python-bitget-connect

- python-bitget-request

- python-bitget-wrapper

Troubleshooting: How to check for malicious packages

To check if any of these packages are installed, run the following command in your terminal:

python show {package name}

If any of the malicious packages are found, uninstall them immediately by running:

pip uninstall {package name} -y

How to install the official SDK package

The official Bitget SDK is currently only available for manual download from the official Bitget API page (https://www.bitget.com/api-doc/common/sdk-postman). Note: Bitget has not yet released any official Python packages on PyPI. Be cautious to ensure you are downloading from legitimate sources.

Join Bitget, the World's Leading Crypto Exchange and Web 3 Company

Sign up on Bitget now >>>
Follow us on Twitter >>>
Join our Community >>>