Security News > 2025 > March > This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no longer available for download from the official registry. "Disguised as a simple utility for Python

News URL

https://thehackernews.com/2025/03/this-malicious-pypi-package-stole.html