Hosted on MSN

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven ...
CSOonline

Solana SDK backdoored to steal secrets, private keys

Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address. The JavaScript-based software development kit (SDK) that allows developers to ...
Benzinga.com

Phantom Safe from Solana Web3.js Bug; Upgrade to 1.95.8 Urged

Phantom, a prominent wallet provider in the Solana ecosystem, has reassured its users that it is unaffected by a critical vulnerability recently discovered in the Solana/web3.js library. The exploit, ...