Hosted on MSN

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven ...
Bleeping Computer

Solana Web3.js library backdoored to steal secret, private keys

The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain ...
Ars Technica

Backdoor slipped into popular code library, drains ~$155k from digital wallets

Hackers pocketed as much as $155,000 by sneaking a backdoor into a code library used by developers of smart contract apps that work with the cryptocurrency known as Solana. The supply-chain attack ...
CSOonline

Solana SDK backdoored to steal secrets, private keys

Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address. The JavaScript-based software development kit (SDK) that allows developers to ...
heise online

Supply chain attack: Solana web3.js library was infected with malicious code

Anyone who has recently downloaded the JavaScript SDK web3.js from Solana from the package manager npm may have picked up malicious code. The origin is probably a phishing attack on maintainers of the ...