Ethereum private key stealer on PyPI downloaded over 1,000 times
Published on: 2025-06-30 03:11:16
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain.
The package disguises itself as a utility for Python, mimicking the popular "python-utils," which has over 712 million downloads, and "utils," which counts over 23.5 million installs.
Researchers from the developer cybersecurity platform Socket discovered the malicious package and reported that set-utils had been downloaded over a thousand times since its submission on PyPI on January 29, 2025.
The open-source supply chain security firm reports that the attacks primarily target blockchain developers utilizing 'eth-account' for wallet creation and management, Python-based DeFi projects, Web3 apps with Ethereum support, and personal wallets using Python automation.
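The interception described above works by replacing a wallet-creation function inside the running Python process. One defender-side check is to fingerprint the trusted function in a clean environment and compare at runtime. The following is an added example, not code from Socket or the eth-account project; `wallet_lib` and `create_account` are a constructed stand-in for the real library, and `simulate_interception` only reproduces the wrapping shape, with no exfiltration.

```python
import functools
import hashlib
import types

# Constructed stand-in for a wallet library (hypothetical; not the real eth-account package).
wallet_lib = types.ModuleType("wallet_lib")

def _create_account(entropy: bytes) -> dict:
    """Stand-in wallet-creation function: derives a fake 'private key' from caller entropy."""
    return {"private_key": hashlib.sha256(entropy).hexdigest()}

_create_account.__module__ = "wallet_lib"
wallet_lib.create_account = _create_account

def fingerprint(fn) -> dict:
    """Record which module a function claims, a hash of its bytecode, and whether it is a wrapper."""
    return {
        "module": fn.__module__,
        "code_hash": hashlib.sha256(fn.__code__.co_code).hexdigest(),
        "wrapped": hasattr(fn, "__wrapped__"),
    }

def baseline(module, names) -> dict:
    """Fingerprint trusted functions, e.g. in CI against a freshly installed clean environment."""
    return {n: fingerprint(getattr(module, n)) for n in names}

def detect_tampering(module, expected: dict) -> list:
    """Return (name, reason) pairs for functions that no longer match the trusted baseline."""
    findings = []
    for name, fp in expected.items():
        cur = fingerprint(getattr(module, name))
        if cur["code_hash"] != fp["code_hash"]:
            findings.append((name, "code object changed"))
        if cur["wrapped"] and not fp["wrapped"]:
            findings.append((name, "now a wrapper (__wrapped__ present)"))
        if cur["module"] != fp["module"]:
            findings.append((name, f"module changed to {cur['module']}"))
    return findings

def simulate_interception() -> None:
    """Replace create_account with a functools.wraps wrapper, so a plain name check would not notice."""
    original = wallet_lib.create_account

    @functools.wraps(original)
    def wrapper(entropy):
        # The real package leaked the key around this call; this simulation only forwards the result.
        return original(entropy)

    wallet_lib.create_account = wrapper
```

This catches in-process replacement only; a trojanized copy of the library on disk is a different case, checked by comparing installed files against the package's RECORD hashes.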
Figure: The malicious package on PyPI (Source: Socket)
As the malicious package is targeting cryptocurrency projects, even though