heise online

Supply chain attack: Solana web3.js library was infected with malicious code

Anyone who has recently downloaded the JavaScript SDK web3.js from Solana from the package manager npm may have picked up malicious code. The origin is probably a phishing attack on maintainers of the ...
CSOonline

Solana SDK backdoored to steal secrets, private keys

Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address. The JavaScript-based software development kit (SDK) that allows developers to ...