PT-2026-27459 · Crates.Io · Tracing-Ethers
Published
2026-03-14
·
Updated
2026-03-14
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The
tracing-ethers crate attempted to exfiltrate ssh keys to an app hosted on vercel.appThe malicious crate had 9 version published on 2026-03-09 approximately 5 days
before removal and had no evidence of actual downloads. There were no crates
depending on this crate on crates.io.
Thanks to the user
killa for reporting this malicious crate. Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Tracing-Ethers