
Ethereum private key stealer on PyPI downloaded over 1,000 times

  • March 6, 2025

Jasper_The_Rasper
Moderator

March 6, 2025 By Bill Toulas

 


A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain.

The package disguises itself as a utility for Python, mimicking the popular "python-utils," which has over 712 million downloads, and "utils," which counts over 23.5 million installs.

Researchers from the developer cybersecurity platform Socket discovered the malicious package and reported that set-utils had been downloaded over a thousand times since its submission on PyPI on January 29, 2025.

The open-source supply chain security firm reports that the attacks primarily target blockchain developers utilizing 'eth-account' for wallet creation and management, Python-based DeFi projects, Web3 apps with Ethereum support, and personal wallets using Python automation.

 

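An added example, not part of the original post or the quoted article: a dependency audit that flags the package name reported above in a requirements file and in the current Python environment, comparing names after PEP 503 normalization so that spellings such as `Set_Utils` or `set.utils` are also caught. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

# Package name reported in the article; compared after PEP 503 normalization.
FLAGGED = {"set-utils"}

def normalize(name):
    """PEP 503: lowercase, and runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Return the normalized project name from one requirements line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):  # blank, comment-only, or pip option
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(m.group(0)) if m else None

def scan_requirements(text):
    """Return (line_number, line) pairs that pull in a flagged package."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        if requirement_name(raw) in FLAGGED:
            hits.append((n, raw.strip()))
    return hits

def scan_installed():
    """Return 'name==version' for flagged distributions in this environment."""
    found = []
    for dist in metadata.distributions():
        name = dist.metadata.get("Name")
        if name and normalize(name) in FLAGGED:
            found.append(f"{name}=={dist.version}")
    return sorted(found)

# Constructed sample requirements file; versions are placeholders.
SAMPLE = """\
eth-account>=0.10
python-utils==0.0.0
Set_Utils==0.0.0   # looks like a helper library
set.utils[extra]
# set-utils mentioned only in a comment
-r other.txt
"""

if __name__ == "__main__":
    for n, line in scan_requirements(SAMPLE):
        print(f"requirements line {n}: {line}")
    print("installed:", scan_installed() or "none found")
```

A hit from `scan_installed()` means the package is present in that environment; given what the article reports, keys for wallets created there should be treated as exposed.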