Supply Chain Attack Detected in Solana's web3.js Library - S...

WARNING: A supply chain attack was detected in versions 1.95.6 and 1.95.7 of the @solana/web3.js library, which affects many developers. The malicious code aims to exfiltrate private keys and compromise wallets.

Please refrain from interacting with dApps in the Solana ecosystem for the time being while the situation is resolved.

The compromise is believed to be the result of a social engineering/phishing attack targeting maintainers of the official Web3.js open source library, which is maintained by Solana and receives more than 350,000 weekly downloads on NPM.

Developers integrating these versions into their projects risk exposing their private keys. Phantom Wallet has confirmed it is not impacted by these vulnerabilities; however, users of applications relying on the compromised libraries risk having their wallets drained.
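For developers who want to check whether a project resolved to one of the two versions named above, scanning the npm lockfile is a quick first step. The following is an added example, not code from the original post or from the library's maintainers; the function name `findCompromised` and the sample lockfiles are constructed for illustration.

```javascript
// Added example: flag lockfile entries that resolve to the affected releases.
const PKG = '@solana/web3.js';
const BAD = new Set(['1.95.6', '1.95.7']); // versions named in the warning

// Returns [{ path, version }] for each affected install in a parsed package-lock.json.
function findCompromised(lock) {
  const hits = [];
  // Lockfile v2/v3: flat "packages" map keyed by install path, nested copies included.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + PKG) && BAD.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // Lockfile v1: nested "dependencies" tree; recurse so transitive copies are found too.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + 'node_modules/' + name;
      if (name === PKG && BAD.has(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + '/');
    }
  };
  // v2 files carry both sections; only walk the tree when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not real project data).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    'node_modules/@solana/web3.js': { version: '1.95.5' },
    'node_modules/some-sdk/node_modules/@solana/web3.js': { version: '1.95.7' },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    'some-sdk': { version: '2.0.0', dependencies: { [PKG]: { version: '1.95.6' } } },
  },
};

// CLI use: node check-web3js.js path/to/package-lock.json (exit code 1 if affected)
if (/package-lock\.json$/.test(process.argv[2] || '')) {
  import('node:fs').then((fs) => {
    const hits = findCompromised(JSON.parse(fs.readFileSync(process.argv[2], 'utf8')));
    hits.forEach((h) => console.log(`AFFECTED ${h.path} -> ${h.version}`));
    process.exitCode = hits.length ? 1 : 0;
  });
}
```

A clean result only shows that the current lockfile does not pin an affected version; it says nothing about installs or builds made before the lockfile was last updated.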

This is a developing story. Further updates can be found on Socket or by using Exponent Analyst AI to aggregate and monitor related news (link in the comments).

https://socket.dev/blog/supply-chain-attack-solana-web3-js-library