Security News

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
2025-03-07 09:51

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that's equipped to steal a victim's Ethereum private keys by impersonating...

Ethereum private key stealer on PyPI downloaded over 1,000 times
2025-03-06 17:11

A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon...

Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages
2025-01-06 09:28

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from...

Malicious npm packages target Ethereum developers' private keys
2025-01-03 15:53

Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. [...]

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
2025-01-02 07:45

Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality,...

Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
2024-11-05 05:33

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is...

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
2024-10-22 09:33

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via...

Ethereum mailing list breach exposes 35,000 to crypto draining attack
2024-07-04 16:17

A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. Ethereum disclosed the incident in a blog post this week and said that it had no material impact on users.

How two brothers allegedly swiped $25M in a 12-second Ethereum heist
2024-05-18 06:29

Feds scoff at blockchain integrity while software bug said to have been at heart of the matter The US Department of Justice has booked two brothers on allegations that they exploited open source...

Brothers arrested for $25 million theft in Ethereum blockchain attack
2024-05-15 18:36

The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "First-of-its-kind" scheme. "The brothers, who studied computer science and math at one of the most prestigious universities in the world, allegedly used their specialized skills and education to tamper with and manipulate the protocols relied upon by millions of Ethereum users across the globe. And once they put their plan into action, their heist only took 12 seconds to complete," said U.S. Attorney Damian Williams.