History ⋅ Edit ⋅ JSON (OSV) RUSTSEC-2025-0147 evm-units was removed from crates.io for malicious code Reported December 3, 2025 Issued February 6, 2026 (last modified: March 17, 2026) Package evm-units Type Vulnerability Categories malicious Aliases GHSA-6662-54xr-8423 References https://blog.rust-lang.org/2025/12/03/crates.io-malicious-crates-evm-units-and-uniswap-utils/ https://socket.dev/blog/malicious-rust-crate-evm-units-serves-cross-platform-payloads Patched no patched versions Description It appeared to be attempting to steal cryptocurrency. Advisory available under CC0-1.0 license.