GitLab
GitLab uncovers Bittensor theft campaign via PyPI
GitLab's Vulnerability Research team uncovered a cryptocurrency theft campaign targeting the Bittensor ecosystem. The attackers published typosquatted Python packages on PyPI that mimicked legitimate Bittensor packages; all of the malicious packages appeared within a short window on August 6, 2025.

The packages targeted the staking functionality of the Bittensor libraries. By hijacking the stake_extrinsic function, the injected code silently diverted all of a user's funds to an attacker-controlled wallet, using options that bypass confirmation so that an entire wallet could be drained in a single operation. Staking was chosen as the attack vector because users hold significant cryptocurrency and grant wallet access during these operations, and because staking is routine, so the malicious activity was less likely to look suspicious.

Stolen funds were traced through a complex money laundering network that converged on a final consolidation wallet. The typosquatting strategy relied on common typing errors and on mimicking legitimate version numbers, so that a mistyped package name at install time would still pull a plausible-looking package.

GitLab's proactive security measures and automated systems were crucial in detecting and reporting the threat, and the swift response underlines the importance of continuous supply chain security monitoring.