Reported

December 3, 2025

Issued

February 6, 2026

Package

uniswap-utils (crates.io)

Type

Vulnerability

References

• https://blog.rust-lang.org/2025/12/03/crates.io-malicious-crates-evm-units-and-uniswap-utils/
• https://socket.dev/blog/malicious-rust-crate-evm-units-serves-cross-platform-payloads

Patched

no patched versions

Description

It depended on the evm-units crate, which appeared to be attempting to steal cryptocurrency.

Advisory available under CC0-1.0 license.