Malicious Rust crates steal Solana and Ethereum keys
Summary
Hide ▲
Show ▼
Two malicious Rust crates, faster_log and async_println, were discovered impersonating the legitimate library fast_log. These crates, published under the aliases rustguruman and dumbnbased, stole Solana and Ethereum wallet keys from source code. The crates were downloaded 8,424 times before being removed from crates.io. The malicious code executed at runtime, scanning for private keys and exfiltrating them to a command and control (C2) endpoint. The threat actors used typosquatting and mimicked legitimate library names and documentation to deceive developers. The crates were published on May 25, 2025, and were removed following responsible disclosure. The threat actors did not have any dependent downstream crates, and the GitHub accounts linked to the crates.io publisher accounts remain accessible.
Timeline
-
25.09.2025 10:59 1 articles · 7h ago
Malicious Rust crates steal Solana and Ethereum keys
Two malicious Rust crates, faster_log and async_println, were discovered impersonating the legitimate library fast_log. These crates, published under the aliases rustguruman and dumbnbased, stole Solana and Ethereum wallet keys from source code. The crates were downloaded 8,424 times before being removed from crates.io. The malicious code executed at runtime, scanning for private keys and exfiltrating them to a command and control (C2) endpoint. The threat actors used typosquatting and mimicked legitimate library names and documentation to deceive developers.
Show sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
Information Snippets
-
The malicious Rust crates, faster_log and async_println, were published on May 25, 2025.
First reported: 25.09.2025 10:591 source, 1 articleShow sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
-
The crates were downloaded 8,424 times before being removed.
First reported: 25.09.2025 10:591 source, 1 articleShow sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
-
The crates impersonated the legitimate library fast_log, copying its source code, features, and documentation.
First reported: 25.09.2025 10:591 source, 1 articleShow sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
-
The malicious code scanned Rust files for Solana and Ethereum private keys and exfiltrated them via HTTP POST to a C2 endpoint.
First reported: 25.09.2025 10:591 source, 1 articleShow sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
-
The C2 endpoint used was a Cloudflare Workers domain mimicking Solana's Mainnet beta RPC endpoint.
First reported: 25.09.2025 10:591 source, 1 articleShow sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
-
The crates did not have any dependent downstream crates.
First reported: 25.09.2025 10:591 source, 1 articleShow sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59
-
The GitHub accounts linked to the crates.io publisher accounts remain accessible.
First reported: 25.09.2025 10:591 source, 1 articleShow sources
- Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed — thehackernews.com — 25.09.2025 10:59