Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. […]
from https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-ethereum-developers-private-keys/