腾讯网

慢雾创始人:Solana/Web3.js 库先前版本出现供应链投毒事件,目前已修复

PANews 12月4日消息,慢雾创始人余弦发布预警称,@solana/web3.js 库的 1.95.6 及 1.95.7 版本出现供应链投毒事件,这些版本中存在可窃取用户私钥的后门代码。目前新版本已修复该安全隐患,主流知名钱包暂未发现受到影响。 据悉,已有真实攻击案例发生,由于恶意 ...
Bleeping Computer

Solana Web3.js library backdoored to steal secret, private keys

The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain ...
新浪网

余弦:@solana/web3.js 的 1.95.6 和 1.95.7 版本被发现存在供应链投毒问题

吴说获悉,据慢雾创始人余弦消息,@solana/web3.js 的 1.95.6 和 1.95.7 版本被发现存在供应链投毒问题,嵌入的后门代码会窃取用户私钥。虽然这两个版本仅存活了数小时便被移除,但已发生真实攻击事件。当前未在知名钱包中发现该风险,但可能影响到及时更新 ...
来自MSN

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven ...
CoinTelegraph

Web3 devs ‘more active than ever’ amid crypto winter: Report

Consecutive all-time-high smart contract deployments and surging usage of Web3 script libraries mean that Web3 devs are still busy working despite the prolonged market downturn. Web3 developers don’t ...