ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with multiple versions and good documentation. Machine learning-based threat hunting revealed suspicious obfuscated code in versions 0.1.13 and 0.1.14, designed to exfiltrate sensitive crypto trading information. The incident highlights the growing sophistication of open-source software threats and the need for advanced security tools in development processes.