Supply Chain Betrayal: The Uniswap-Utils Backdoor
Vulnerability ID: GHSA-X468-PHR8-H3P3
CVSS Score: 10.0
Published: 2026-02-06
This is a critical supply chain attack on the Rust ecosystem, aimed specifically at Web3 developers. The uniswap-utils crate and its dependency evm-units contained a malicious build.rs script that executed cross-platform malware (Kimwolf) capable of exfiltrating private keys and establishing persistence.
TL;DR
The 'uniswap-utils' Rust crate was a Trojan Horse. Upon running 'cargo build', it triggered a malicious build script that downloaded OS-specific malware to steal crypto wallets and credentials. If you installed this, burn your keys.
⚠️ Exploit Status: ACTIVE
Technical Details
- CWE ID: CWE-506 (Embedded Malicious Code)
- Attack Vector: Network (Supply Chain)
- CVSS: 10.0 (Critical)
- Mechanism: Rust build.rs execution
- Impact: Information Disclosure, RCE
- Payload: Kimwolf Info Stealer
Affected Systems
- Windows Workstations
- macOS Developer Machines
- Linux CI/CD Pipelines
- Rust Development Environments
- uniswap-utils: All Versions (Fixed in: Yanked)
- evm-units: All Versions (Fixed in: Yanked)
Mitigation Strategies
- Dependency Pinning: Always use Cargo.lock
- Sandboxed Builds: Run compilations in Docker or restricted VMs
- Audit Tools: Regularly run 'cargo audit'
- Network Filtering: Block unknown C2 domains at the firewall level
Remediation Steps:
- Identify presence of 'uniswap-utils' or 'evm-units' in Cargo.lock
- Isolate the affected machine from the network immediately
- Consider the machine fully compromised (Root/System level)
- Wipe and re-image the operating system
- Revoke and rotate all secrets (API keys, SSH keys, Crypto Wallets) accessed on that machine
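For the first remediation step, the following added example (not part of the original advisory) walks a directory tree, parses each Cargo.lock, and reports the two crates named above together with the packages that pulled them in. The sample lockfile, its version numbers and the "my-dex-bot" project are constructed placeholders, and the minimal parser assumes the standard Cargo.lock layout.

```python
import re
from pathlib import Path

# Crate names taken from the advisory; all versions are affected.
MALICIOUS = {"uniswap-utils", "evm-units"}

def parse_lock(text):
    """Parse Cargo.lock text into (name, version, deps) tuples without a TOML library."""
    out = []
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M)
        ver = re.search(r'^version = "([^"]+)"', block, re.M)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        # Dependency entries are "name" or "name version (source)"; keep the name.
        names = [d.split()[0] for d in re.findall(r'"([^"]+)"', deps.group(1))] if deps else []
        if name:
            out.append((name.group(1), ver.group(1) if ver else "?", names))
    return out

def find_hits(text):
    """Return {crate: {"version", "pulled_in_by"}} for flagged crates in one lockfile."""
    pkgs = parse_lock(text)
    return {n: {"version": v, "pulled_in_by": sorted(p for p, _, d in pkgs if n in d)}
            for n, v, _ in pkgs if n in MALICIOUS}

# Constructed sample lockfile: versions and "my-dex-bot" are placeholders.
SAMPLE_LOCK = '''
[[package]]
name = "evm-units"
version = "0.0.0"

[[package]]
name = "my-dex-bot"
version = "0.1.0"
dependencies = [
 "uniswap-utils 0.0.0",
]

[[package]]
name = "uniswap-utils"
version = "0.0.0"
dependencies = [
 "evm-units",
]
'''

if __name__ == "__main__":
    for lock in Path(".").rglob("Cargo.lock"):
        hits = find_hits(lock.read_text(encoding="utf-8", errors="replace"))
        if hits:
            print(lock, hits)
```

Run it from the root of a source checkout or CI workspace; any printed line means the remaining remediation steps apply to every machine that built that project.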
References
Read the full report for GHSA-X468-PHR8-H3P3 on our website for more details including interactive diagrams and full exploit analysis.