Ethereum developers targeted via fake Hardhat plugins

Cybercriminals uploaded at least 20 malicious packages to npm, posing as Hardhat by the Nomic Foundation—a popular development environment for smart contracts and dapps on the Ethereum blockchain, according to Socket analysts.

A malicious npm campaign is targeting #Ethereum developers by impersonating @HardhatHQ plugins and the @NomicFoundation. Socket researchers have identified 20 malicious packages that exfiltrate sensitive data like private keys and mnemonics. https://t.co/xNkQQhQapG #JavaScript

— Socket (@SocketSecurity) January 2, 2025

Using typosquatting, the malware attempted to pass itself off as legitimate packages. The ultimate goal was to steal private keys and other sensitive data.

The malicious packages were downloaded more than 1,000 times in total.

According to experts, the attackers could have gained unauthorised access to production systems and API keys for third-party services, compromised smart contracts, or deployed malicious versions of existing dapps for subsequent attacks.

In December 2024, hackers targeted Solana developers via a library swap in JavaScript.