资讯

新浪网

Solana 官方 web3.js 库被攻击的生死 5 小时

捏了一把汗,差点变成 Dexx 爆雷事件大型版。 搞搞项目方已经满足不了黑客。现在是直捣黄龙——杀到了区块链官方库了。 不久前,Solana Lab 官方的 web3.js 库遭到入侵,发布代码被篡改的新版本,使其能够窃取私钥。 还好,发现及时,根据 Solana Scan 数据,只 ...
Bleeping Computer

Solana Web3.js library backdoored to steal secret, private keys

The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain ...
heise online

Supply chain attack: Solana web3.js library was infected with malicious code

Anyone who has recently downloaded the JavaScript SDK web3.js from Solana from the package manager npm may have picked up malicious code. The origin is probably a phishing attack on maintainers of the ...