Malicious Rust Crates Exfiltrate Solana and Ethereum Keys

First reported

25.09.2025 10:59

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Two malicious Rust crates, faster_log and async_println, were published to steal Solana and Ethereum wallet keys from source code. The crates, uploaded by threat actors rustguruman and dumbnbased, were downloaded 8,424 times. The crates impersonated a legitimate library, fast_log, and exfiltrated keys via HTTP POST to a command and control endpoint. The crates have been removed from crates.io, and the accounts have been disabled. The malicious crates were discovered by cybersecurity researchers, who found that the crates included working logging code to cover their malicious routines. The crates scanned source files for private keys and exfiltrated them to a hardcoded C2 endpoint. The attack used typosquatting and mimicked legitimate endpoints to avoid detection. The crates did not have any dependent downstream crates, and the linked GitHub accounts remain accessible. The threat actors used minimal code and simple deception to create a supply chain risk, highlighting the potential for such attacks to reach developer laptops and CI systems.

Timeline

25.09.2025 10:59 1 articles · 4d ago

Malicious Rust Crates Exfiltrate Solana and Ethereum Keys
Two malicious Rust crates, faster_log and async_println, were published on May 25, 2025, to steal Solana and Ethereum wallet keys from source code. The crates were downloaded 8,424 times and impersonated the legitimate library fast_log. The crates included working logging code to cover their malicious routines and scanned source files for private keys, exfiltrating them to a hardcoded C2 endpoint. The attack used typosquatting and mimicked legitimate endpoints to avoid detection. The crates have been removed from crates.io, and the accounts have been disabled.
Show sources

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
Open in new tab

Information Snippets

Two malicious Rust crates, faster_log and async_println, were published on May 25, 2025.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The crates were uploaded by threat actors using the aliases rustguruman and dumbnbased.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The crates amassed 8,424 downloads in total.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The crates impersonated the legitimate library fast_log to steal Solana and Ethereum wallet keys.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The crates included working logging code to cover their malicious routines.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The crates scanned source files for private keys and exfiltrated them to a hardcoded C2 endpoint.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The attack used typosquatting and mimicked legitimate endpoints to avoid detection.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The crates have been removed from crates.io, and the accounts have been disabled.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The crates did not have any dependent downstream crates.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
The linked GitHub accounts remain accessible as of the report.
First reported: 25.09.2025 10:59

1 source, 1 article
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59