{"id":20203,"date":"2025-01-10T14:50:10","date_gmt":"2025-01-10T12:50:10","guid":{"rendered":"https:\/\/forklog.com\/en\/ethereum-developers-targeted-via-fake-hardhat-plugins\/"},"modified":"2025-01-10T14:50:10","modified_gmt":"2025-01-10T12:50:10","slug":"ethereum-developers-targeted-via-fake-hardhat-plugins","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/ethereum-developers-targeted-via-fake-hardhat-plugins\/","title":{"rendered":"Ethereum developers targeted via fake Hardhat plugins"},"content":{"rendered":"<p>Cybercriminals uploaded at least 20 malicious packages to <span data-descr=\"node package manager \u2014 the standard package manager\" class=\"old_tooltip\">npm<\/span>, posing as Hardhat by the Nomic Foundation\u2014a popular development environment for smart contracts and <span data-descr=\"decentralized applications\" class=\"old_tooltip\">dapps<\/span> on the Ethereum blockchain, according to Socket analysts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">A malicious npm campaign is targeting <a href=\"https:\/\/twitter.com\/hashtag\/Ethereum?src=hash&#038;ref_src=twsrc%5Etfw\">#Ethereum<\/a> developers by impersonating <a href=\"https:\/\/twitter.com\/HardhatHQ?ref_src=twsrc%5Etfw\">@HardhatHQ<\/a> plugins and the <a href=\"https:\/\/twitter.com\/NomicFoundation?ref_src=twsrc%5Etfw\">@NomicFoundation<\/a>. Socket researchers have identified 20 malicious packages that exfiltrate sensitive data like private keys and mnemonics. 
<a href=\"https:\/\/t.co\/xNkQQhQapG\">https:\/\/t.co\/xNkQQhQapG<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/JavaScript?src=hash&#038;ref_src=twsrc%5Etfw\">#JavaScript<\/a><\/p>\n<p>\u2014 Socket (@SocketSecurity) <a href=\"https:\/\/twitter.com\/SocketSecurity\/status\/1874946511035060420?ref_src=twsrc%5Etfw\">January 2, 2025<\/a><\/p><\/blockquote>\n<p>Using <span data-descr=\"misspelling of popular names\" class=\"old_tooltip\">typosquatting<\/span>, the malware attempted to pass itself off as legitimate packages. The ultimate goal was to steal private keys and other sensitive data.<\/p>\n<p>The malicious packages were downloaded more than 1,000 times in total.<\/p>\n<p>According to experts, the attackers could have gained unauthorised access to production systems and <span data-descr=\"application programming interface\" class=\"old_tooltip\">API<\/span> keys for third-party services, compromised smart contracts, or deployed malicious versions of existing <span data-descr=\"decentralized applications\" class=\"old_tooltip\">dapps<\/span> for subsequent attacks.<\/p>\n<p>In December 2024, hackers targeted Solana developers <a href=\"https:\/\/forklog.com\/en\/news\/hackers-exploit-solana-developers-via-javascript-library-compromise\">via a library swap<\/a> in JavaScript.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals uploaded at least 20 malicious packages to npm, posing as Hardhat by the Nomic Foundation\u2014a popular development environment for smart contracts and dapps on the Ethereum blockchain, according to Socket analysts. A malicious npm campaign is targeting #Ethereum developers by impersonating @HardhatHQ plugins and the @NomicFoundation. 
Socket researchers have identified 20 malicious packages that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":20202,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1192,46],"class_list":["post-20203","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-developers","tag-ethereum"],"aioseo_notices":[],"amp_enabled":true,"views":"79","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/20203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=20203"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/20203\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/20202"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=20203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=20203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=20203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}