Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address.

  • treadful@lemmy.zip
    link
    fedilink
    English
    arrow-up
    3
    ·
    22 days ago

    “Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps,” Anza said in a tweet on Wednesday. “This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly.”

    yeesh.