资讯

新浪网9月

余弦:@solana/web3.js 的 1.95.6 和 1.95.7 版本被发现存在供应链投毒问题

吴说获悉,据慢雾创始人余弦消息,@solana/web3.js 的 1.95.6 和 1.95.7 版本被发现存在供应链投毒问题,嵌入的后门代码会窃取用户私钥。虽然这两个版本仅存活了数小时便被移除,但已发生真实攻击事件。当前未在知名钱包中发现该风险,但可能影响到及时更新 ...
Bleeping Computer9月

Solana Web3.js library backdoored to steal secret, private keys

The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain ...
来自MSN9月

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven ...