Security News > 2025 > March > This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
2025-03-07 09:51

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating popular libraries. The package in question is set-utils, which has received 1,077 downloads to date. It's no longer available for download from the official registry. "Disguised as a simple utility for Python


News URL

https://thehackernews.com/2025/03/this-malicious-pypi-package-stole.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Ethereum 9 0 8 23 2 33
Pypi 15 0 0 1 15 16