https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-ethereum-developers-private-keys/

Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data.

Collectively, the malicious packages have recorded more than one thousand downloads, researchers say.