Multiple Rust crates removed from crates.io after malicious code flags
In the last week (late Feb 2026) multiple crates including polymarkets-rs-clob-client, clob-sdk, tracings, and tracing were removed from crates.io after being flagged for malicious content or for transitively pulling in malicious code.

In the last week (late Feb 2026) multiple Rust crates were removed from crates.io after being flagged for malicious content or for transitively pulling in malicious code. Example package names cited in the initial report include polymarkets-rs-clob-client, clob-sdk, tracings, and tracing; the report did not include deletion timestamps, who flagged the packages, or technical details about the maliciousness.
The absence of public detail for the late-February removals stands against the ecosystem’s recent precedent for named advisories. On May 10th, 2022, SentinelOne researchers Juan Andrés Guerrero-Saade and Phil Stokes wrote: “On May 10th, 2022, the Rust dependency community repository crates.io released an advisory announcing the removal of a malicious crate, ‘rustdecimal’.” That rustdecimal incident was a typosquatting attack against the legitimate rust_decimal package and the malicious crate inspected the GITLAB_CI environment variable to identify Continuous Integration pipelines.
SentinelOne’s technical notes list concrete artifacts from the rustdecimal campaign: the attacker published 15 iterative malicious versions ranging from 1.22.0 to 1.23.5, and the malicious crate “would function identically to the legitimate version except for the addition of a single function, Decimal::new. This function contains code lightly obfuscated with a five byte XOR key.” Cycode’s summary adds exposure measurements: “The security team of crates.io reported that rust developers downloaded the malicious crate 500 times.”
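The typosquatting pattern described above (rustdecimal vs. rust_decimal, and the tracings/tracing names cited in the initial report) can be caught with a simple lookalike check over a project's dependency list. The following is an added example, not code from crates.io or any of the cited vendors; the crate lists in it are constructed for illustration, and the edit-distance threshold of 1 is an assumed heuristic.

```rust
// Added example: flag dependency names that are suspiciously close to
// well-known crates (typosquat heuristic). The name lists in main() are
// constructed for illustration and are not taken from crates.io.

/// Lower-case the name and drop separators, so that "rust_decimal" and
/// "rustdecimal" compare as equal (the separator trick used in 2022).
fn normalize(name: &str) -> String {
    name.to_ascii_lowercase()
        .chars()
        .filter(|c| *c != '_' && *c != '-')
        .collect()
}

/// Levenshtein edit distance between two strings (single-row DP).
fn edit_distance(a: &str, b: &str) -> usize {
    let a: Vec<char> = a.chars().collect();
    let b: Vec<char> = b.chars().collect();
    let mut prev: Vec<usize> = (0..=b.len()).collect();
    for i in 1..=a.len() {
        let mut cur = vec![i; b.len() + 1];
        for j in 1..=b.len() {
            let cost = if a[i - 1] == b[j - 1] { 0 } else { 1 };
            cur[j] = (prev[j] + 1).min(cur[j - 1] + 1).min(prev[j - 1] + cost);
        }
        prev = cur;
    }
    prev[b.len()]
}

/// Returns (dependency, lookalike) pairs for dependency names that are not
/// exactly a known crate but normalize to one or sit within edit distance 1
/// of one. Exact matches are trusted and skipped.
pub fn suspicious_deps<'a>(deps: &[&'a str], known: &[&'a str]) -> Vec<(&'a str, &'a str)> {
    let mut hits = Vec::new();
    for dep in deps {
        if known.contains(dep) {
            continue;
        }
        let ndep = normalize(dep);
        for k in known {
            let nk = normalize(k);
            if ndep == nk || edit_distance(&ndep, &nk) <= 1 {
                hits.push((*dep, *k));
                break;
            }
        }
    }
    hits
}

fn main() {
    // Constructed allow-list of popular crates and a constructed dependency list.
    let known = ["rust_decimal", "tracing", "serde", "tokio"];
    let deps = ["rustdecimal", "tracings", "serde", "tokio", "rand"];
    for (dep, look) in suspicious_deps(&deps, &known) {
        println!("{dep} looks like {look}"); // flags rustdecimal and tracings
    }
}
```

In practice the allow-list would be the project's reviewed dependencies or a download-ranked list of crates, and any hit is a prompt to inspect the crate, not proof of malice.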
Crates.io’s own operational response was described in a separate incident with precise timestamps and procedures. The crates.io post records that “The users in question were immediately disabled, and the crates in question were deleted from crates.io shortly after. We have retained copies of all logs associated with the users and the malicious crate files for further analysis.” That deletion was performed at 15:34 UTC on September 24, 2025, and the post notes platform log retention: “One year of logs are retained on crates.io, but only 30 days are immediately available on our log platform.”
The September 2025 analysis included technical detail about a logging-crate compromise: “Both crates were copies of a crate which provided logging functionality, and the logging implementation remained functional in the malicious crates.” The original crate’s log-packing feature was modified so the attacker’s code searched processed log files for “Quoted Ethereum private keys (0x + 64 hex)”, “Solana-style Base58 secrets”, and “Bracketed byte arrays”, and then “proceeded to exfiltrate the results of this search to” — the public excerpt is truncated and does not include the exfiltration destination. The crates of that event “did not execute any malicious code at build time” but executed at runtime when dependent projects were run or tested.
Security vendors place the late-February removals in a longer wave of supply-chain abuse. Trail of Bits wrote: “The simplicity of the attack has made it easy for attackers to launch numerous large-scale campaigns, particularly against PyPI and npm. Since 2022, there have been multiple typosquatting campaigns targeting packages that account for a combined 1.2 billion weekly downloads.” Trail of Bits also recorded that “In 2023, researchers documented a campaign that registered 900 typosquats of 40 popular PyPI packages and discovered malware being staged on crates.io,” and that “The attacks have only intensified, with 500 malicious packages published in a single 2024 campaign.” Cycode summarized cross-ecosystem scope: “These attacks targeted three different package managers – PyPI, packagist, and crates.io, used three distinct attack vectors, three distinct malicious payloads, and two pen-testing frameworks.” Trail of Bits further notes that the crates.io team released Trusted Publishing for Rust crates in July.
Taken together, the late-February 2026 removals, the rustdecimal typosquatting in 2022, and the September 24, 2025 logging-crate deletions show recurring attacker patterns: typosquatting, iterative malicious versions, CI-targeting checks, and runtime-only exfiltration embedded in otherwise functional crates. SentinelOne warned of an expanded lifecycle for such campaigns: “If we think through the campaign cycle, the idea of simply typosquatting a popular dependency isn’t a great way to infect a specific swath of targets running GitLab CI pipelines. We are missing a part of the picture where code is being contributed or suggested to a select population that includes a reference to the malicious typosquatted dependency. This is precisely where impersonating a known Rust developer might allow the attackers to poison the well for a target rich population.” Public details remain incomplete for the late-February removals — deletion timestamps, preserved artifacts, download counts, and any exfiltration indicators have not been published in tandem with the initial report — while crates.io’s one-year log retention with 30 days of immediate availability is the clearest operational constraint on retrospective forensic work.

