Cybersecurity researchers have uncovered two malicious Rust crates that mimic a trusted library, ultimately stealing Solana and Ethereum wallet keys. With a total of 8,424 downloads, these crates underscore the growing threat to open-source software supply chains.
Subscribe
Cryptocurrency
Industry News
Security and Privacy Features
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Photo by The Hacker News
Key Takeaways:
- Two crates, faster_log and async_println, impersonate a legitimate library.
- Cybercriminals targeted Solana and Ethereum wallet keys.
- The malicious crates were collectively downloaded 8,424 times.
- They were published on May 25, 2025, by aliases “rustguruman” and “dumbnbased.”
- This incident highlights the software supply chain’s vulnerability.
The Discovery
Cybersecurity researchers recently identified two malicious Rust crates that disguise themselves as a legitimate library. Known as faster_log and async_println, these crates first caught attention when they appeared suspiciously similar to the established fast_log library. The threat actors behind this scheme, operating under the aliases “rustguruman” and “dumbnbased,” published their crates on May 25, 2025.
The Malicious Method
Instead of offering the same logging functionalities as the authentic fast_log library, these impostor crates incorporated code designed to steal cryptocurrency wallet keys. Solana and Ethereum keys were specifically targeted, exposing unsuspecting developers—and potentially their users—to significant risk. This deceptive approach underscores the importance of scrutinizing dependencies and packages before integrating them into projects.
Impact and Download Figures
According to researchers, the faster_log and async_println crates were collectively downloaded 8,424 times. Such download numbers point to possible widespread exposure among developers who may unknowingly incorporate these dangerous crates into their codebases. In a realm where digital assets and projects require frequent updates, new vulnerabilities can spread rapidly.
Actor’s Aliases and Publication Timeline
Appearing under the aliases “rustguruman” and “dumbnbased,” these malicious actors took advantage of open-source ecosystems’ trust-based model. The crates’ release on May 25, 2025, underscores how quickly threats can disseminate once malicious code is added to a package repository.
Broader Security Implications
This incident signals a larger issue within software development communities. As open-source repositories grow, verifying publisher credibility and analyzing code thoroughly become ever more crucial. Attacks like this illustrate how malicious actors can target the supply chain, putting both developers and end-users at risk.
Next Steps
Such attacks remind us that due diligence is key to securing projects. Developers should carefully vet any library or package they incorporate, monitor for unusual activities, and keep an eye on security advisories. Only through vigilance can the open-source community preserve the integrity and safety of its software repositories.
