It appeared to be typosquatting existing crate polymarket-client-sdk (polymarkets vs polymarket) and attempting to steal credentials from local files.

The malicious crate had 1 version published on 2026-02-19 an hour before removal and hadn't been downloaded. There were no crates depending on this crate on crates.io.

Thanks to Carol Nichols, who is thanking herself for spotting this in the docs.rs build queue and removing it quickly!

The crates.io team advises anyone developing with Polymarket to review dependencies carefully. We are investigating ways to mitigate this attacker who appears to be very motivated to steal Polymarket credentials.