Malicious Rust crates steal Solana and Ethereum keys

1 unique source, 1 article

Summary

Two malicious Rust crates, faster_log and async_println, were discovered impersonating the legitimate library fast_log. Published under the aliases rustguruman and dumbnbased, they stole Solana and Ethereum wallet keys from source code. The crates were downloaded 8,424 times before being removed from crates.io. The malicious code executed at runtime, scanning for private keys and exfiltrating them to a command-and-control (C2) endpoint. The threat actors used typosquatting and mimicked legitimate library names and documentation to deceive developers. The crates were published on May 25, 2025, and were removed following responsible disclosure. Neither crate had any dependent downstream crates, and the GitHub accounts linked to the crates.io publisher accounts remain accessible.

Timeline

  1. 25.09.2025 10:59 · 1 article

    Malicious Rust crates steal Solana and Ethereum keys

    Two malicious Rust crates, faster_log and async_println, were discovered impersonating the legitimate library fast_log. Published under the aliases rustguruman and dumbnbased, they stole Solana and Ethereum wallet keys from source code. The crates were downloaded 8,424 times before being removed from crates.io. The malicious code executed at runtime, scanning for private keys and exfiltrating them to a command-and-control (C2) endpoint. The threat actors used typosquatting and mimicked legitimate library names and documentation to deceive developers.

Information Snippets