Summary: A malicious Python package named “set-utils” on PyPI has been found stealing Ethereum private keys by hooking wallet-creation functions and exfiltrating the keys through transactions on the Polygon blockchain. The package poses as a utility library modelled on popular ones, which lets it reach both blockchain developers and individual wallet users. Although it has been downloaded over a thousand times, its impact may extend to a far larger audience: anyone whose wallet was generated by an application that depends on it.
Affected: Python Package Index (PyPI), Ethereum Wallets, Blockchain Developers
Key points:
- The malicious package mimics well-known utilities and has been available for download since January 29, 2025.
- It intercepts private keys during wallet creation and sends them, encrypted, to the attacker’s account inside Ethereum transactions.
- Conventional security controls may miss the exfiltration because it is carried in blockchain transactions rather than through channels they normally inspect.
- Users are advised to uninstall the package immediately and move funds to wallets generated without it, to prevent theft.
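The two checks a defender can run against the pattern described above, as an added example that is not code from the advisory or from the package it describes: first, whether the named distribution is installed in the current Python environment; second, whether a wallet library's key-generation function still executes code from the library's own files, or has been replaced at runtime by code living in some other package (the hooking technique the advisory describes). The package name “set-utils” comes from the advisory; the `walletlib` and `otherpkg` modules, their file paths and the `create()` function are constructed stand-ins so the example runs offline without a real wallet library.

```python
"""Defender-side checks for a key-stealing package that hooks wallet creation.

Added example. Only the bad-package name is taken from the advisory; every
module, path and function below is constructed for the demonstration.
"""
import importlib.metadata
import types

KNOWN_BAD_PACKAGES = {"set-utils"}  # from the advisory


def normalize(name: str) -> str:
    """PyPI names are case-insensitive and treat '-', '_' and '.' alike."""
    return name.lower().replace("_", "-").replace(".", "-")


def installed_bad_packages(bad=KNOWN_BAD_PACKAGES, distributions=None):
    """Names of known-bad distributions present in this environment.

    `distributions` defaults to the live environment; pass a list of names
    instead to exercise the check offline.
    """
    if distributions is None:
        distributions = [d.metadata["Name"] for d in importlib.metadata.distributions()]
    return sorted({n for n in distributions if n and normalize(n) in bad})


def code_file(func):
    """Source file of the code object that runs when `func` is called.

    Bound methods are unwrapped, but functools.wraps-style __wrapped__ chains
    are deliberately NOT followed: the outermost callable is exactly what a
    runtime patch installs, so that is what we inspect. Builtins have no
    Python code object and return None.
    """
    func = getattr(func, "__func__", func)
    code = getattr(func, "__code__", None)
    return None if code is None else code.co_filename


def is_foreign(owner, attr, trusted_prefix):
    """True if owner.attr now runs code outside trusted_prefix (i.e. was patched)."""
    path = code_file(getattr(owner, attr))
    return path is not None and not path.startswith(trusted_prefix)


def make_module(name, source, filename):
    """Constructed helper: build an in-memory module whose functions report
    `filename` as their origin, simulating an installed package on disk."""
    mod = types.ModuleType(name)
    mod.__file__ = filename
    exec(compile(source, filename, "exec"), mod.__dict__)
    return mod


WALLET_DIR = "/venv/lib/site-packages/walletlib/"  # constructed path


def demo():
    """Return (patched_before, patched_after) for a simulated hook."""
    # Stand-in for a legitimate wallet library's key generator.
    wallet = make_module(
        "walletlib",
        "import secrets\n"
        "def create():\n"
        "    return secrets.token_bytes(32)\n",
        WALLET_DIR + "account.py",
    )
    # Stand-in for a third-party package that replaces that function. The
    # replacement only forwards to the original; what matters for detection
    # is where its code lives, not what it does.
    foreign = make_module(
        "otherpkg",
        "def create():\n"
        "    return original()\n",
        "/venv/lib/site-packages/otherpkg/__init__.py",
    )
    before = is_foreign(wallet, "create", WALLET_DIR)  # False: untouched
    foreign.original = wallet.create
    wallet.create = foreign.create  # simulate the runtime hook
    after = is_foreign(wallet, "create", WALLET_DIR)  # True: foreign code now runs
    return before, after


if __name__ == "__main__":
    print("known-bad packages installed:", installed_bad_packages())
    print("wallet.create patched before/after:", demo())
```

In a real environment, point `is_foreign` at the actual wallet library (for example the class or module that exposes its key-creation function) and at that library's installed directory; a `True` result means the code that will produce your private key is not the library's own, which is the condition to investigate before generating any wallet.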