npm supply chain attack

Malicious npm packages target Ethereum developers’ private keys


Twenty malicious packages imitate the Hardhat development environment used by Ethereum developers and target private keys and other confidential data.

Collectively, the malicious packages have recorded more than one thousand downloads, researchers say.

Narrow targeting campaign

Hardhat is a widely used Ethereum development environment maintained by the Nomic Foundation. It is used for developing, testing, and deploying smart contracts and decentralized applications (dApps) on the Ethereum blockchain.

It is generally used by blockchain software developers, fintech firms and startups, and educational institutions.

These users often source their project components from npm (Node Package Manager), a widely used tool in the JavaScript ecosystem that helps developers manage dependencies, libraries, and modules.

On npm, three malicious accounts uploaded 20 info-stealing packages that used typosquatting to impersonate legitimate packages and trick people into installing them.

Socket shared the names of 16 malicious packages, which are:

    1. nomicsfoundations
    2. @nomisfoundation/hardhat-configure
    3. installedpackagepublish
    4. @nomisfoundation/hardhat-config
    5. @monicfoundation/hardhat-config
    6. @nomicsfoundation/sdk-test
    7. @nomicsfoundation/hardhat-config
    8. @nomicsfoundation/web3-sdk
    9. @nomicsfoundation/sdk-test1
    10. @nomicfoundations/hardhat-config
    11. crypto-nodes-validator
    12. solana-validator
    13. node-validators
    14. hardhat-deploy-others
    15. hardhat-gas-optimizer
    16. solidity-comments-extractors

Once installed, code in those packages attempts to collect Hardhat private keys, configuration files, and mnemonics, encrypt them with a hardcoded AES key, and then exfiltrate them to the attackers.

“These packages exploit the Hardhat runtime environment using functions such as hreInit() and hreConfig() to collect sensitive details like private keys, mnemonics, and configuration files,” explains Socket.

“The collected data is transmitted to attacker-controlled endpoints, leveraging hardcoded keys and Ethereum addresses for streamlined exfiltration.”

Security risks and mitigations

Private keys and mnemonics are used to access Ethereum wallets, so the most immediate consequence of this attack is the loss of funds through unauthorized transactions.


In addition, since many of the compromised systems belong to developers, the attackers could gain unauthorized access to production systems and compromise smart contracts or deploy malicious clones of existing dApps to lay the ground for more impactful, broader-scale attacks.

Hardhat configuration files can include API keys for third-party services as well as information about the development network and endpoints, and they can be leveraged to prepare phishing attacks.

Software developers should exercise caution, verify package authenticity, be wary of typosquatting, and inspect the source code before installation.

As a general recommendation, private keys should not be hardcoded but stored in secure vaults.

To minimize exposure to such risks, use lock files, pin your dependencies to specific versions, and use as few dependencies as practically possible.
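As an added example (not code from the article, Socket, or the Hardhat project), the following Node.js script applies the last three recommendations to a package.json before installation: it flags dependency names that are a near miss of a trusted scope or package and version ranges that are not pinned. The trusted list and the sample manifest are constructed for this demonstration; two of the sample names are taken from the list above.

```javascript
// Added example (not Socket's or Hardhat's code): audit a package.json for
// near-miss names and unpinned versions. TRUSTED and SAMPLE_MANIFEST are constructed.
const TRUSTED = ["@nomicfoundation", "hardhat"];
// Standard Levenshtein edit distance between two strings.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}
// Lower-case and drop a leading "@" so a scope and a bare name compare alike.
const norm = (s) => s.toLowerCase().replace(/^@/, "");
// Trusted entry that the scope or bare name nearly matches (distance 1..2), else null.
function looksLikeTyposquat(pkg, trusted = TRUSTED) {
  const m = /^(@[^/]+)\/(.+)$/.exec(pkg);
  const parts = m ? [m[1], m[2]] : [pkg];
  for (const t of trusted) {
    for (const part of parts) {
      const d = editDistance(norm(part), norm(t));
      if (d > 0 && d <= 2) return t;
    }
  }
  return null;
}
// Exact semver only; "^", "~", "*", "latest" or ">=" can resolve to an unreviewed release.
function isPinned(range) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(range);
}
// Audit dependencies and devDependencies, one finding per issue.
function auditManifest(manifest, trusted = TRUSTED) {
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const findings = [];
  for (const [pkg, range] of Object.entries(deps)) {
    const near = looksLikeTyposquat(pkg, trusted);
    if (near) findings.push({ pkg, issue: `name is a near miss of trusted "${near}"` });
    if (!isPinned(range)) findings.push({ pkg, issue: `version "${range}" is not pinned` });
  }
  return findings;
}
// Constructed manifest: a pinned genuine package, an unpinned genuine plugin,
// and two names from the campaign's published package list.
const SAMPLE_MANIFEST = { devDependencies: {
  "hardhat": "2.22.5", "@nomicfoundation/hardhat-toolbox": "^5.0.0",
  "@nomisfoundation/hardhat-config": "1.0.0", "nomicsfoundations": "^1.0.0" } };
if (typeof require !== "undefined" && require.main === module) auditManifest(SAMPLE_MANIFEST).forEach((f) => console.log(`${f.pkg}: ${f.issue}`));
```

Run against the sample manifest, the two campaign names are reported as near misses of `@nomicfoundation`, and the two caret ranges are reported as unpinned; the genuine pinned `hardhat` entry produces no finding.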

Source
