Twenty malicious #npm packages impersonating the #Hardhat #Ethereum✅ development environment have targeted private keys and sensitive data. These packages, downloaded over 1,000 times, were uploaded by three accounts using #typosquatting techniques to trick developers. Once installed, the packages steal private keys, mnemonics, and configuration files, encrypt them with a hardcoded AES key, and send them to attackers. This exposes developers to risks like unauthorized transactions, compromised production systems, #phishing , and malicious dApps.
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.