Recent findings revealed that two malicious Rust crates have been published, masquerading as a well-known library called fast_log. Named faster_log and async_println, these crates were made available to developers under the pseudonyms rustguruman and dumbnbased in May 2025. With a total of 8,424 downloads, they pose a serious risk to developers utilizing these packages unwittingly.
The primary threat arises from the ability of these crates to extract sensitive Solana and Ethereum wallet keys from the source code of affected projects. This incident highlights vulnerabilities within the software supply chain, as malicious actors exploit trusted environments to distribute harmful code. Developers must exercise heightened vigilance when using third-party libraries, as the consequences of such attacks can be severe, including loss of digital assets and compromise of infrastructure.
👉 Pročitaj original: The Hacker News
