A malicious campaign is actively targeting Ethereum developers in the wild, using fake Hardhat npm packages to steal private keys. Developers must employ adequate monitoring and security measures to protect their development environments from such threats.
New Malicious Campaign Uses Fake Hardhat npm Packages To Steal Private Keys
According to a recent post from the Socket.dev Research Team, researchers have found a new malicious campaign actively targeting Ethereum developers.
Specifically, the campaign is a supply chain attack that targets the Nomic Foundation and Hardhat platforms by offering Ethereum developers fake Hardhat npm packages.
The threat actors behind this campaign gave the malicious packages names that resemble legitimate Hardhat plugins in order to trick users. The packages even claim to offer the same functionality as the legitimate plugins. To appear more credible, they also target the same deployment processes as the legitimate plugins, such as gas optimization and smart contract testing.
In addition, because these packages are hosted on npm, developers tend to trust them, and because they mimic the functionality of the real plugins, their data exfiltration is easy to overlook. This lets the packages steal data such as private keys and mnemonics from the Hardhat environment. The stolen data is then encrypted with an AES key and sent to attacker-controlled endpoints.
The attackers may even use these packages to deploy malicious contracts, disrupting the Ethereum mainnet.
The Socket.dev team has shared the details of this malicious campaign in their post. During this study, the researchers identified 20 malicious packages from three authors. One of these packages, @nomicsfoundation/sdk-test, even garnered over 1000 downloads, hinting at the extent of the potential damage from this campaign.
To avoid this and similar threats, the researchers advise users, particularly Ethereum developers, to implement strict security monitoring and auditing measures in their development environments. Moreover, developers must remain careful when selecting packages, trying their best to avoid falling for malicious packages.