Actions: [ Mark as unread ] [ Delete article ] | [ << Older article ] [ Newer article >> ] |
An attacker was able to compromise an account that had publish access for the official Solana web3.js library, which is widely used by dApps to read and write from the Solana blockchain. The library gets over 350,000 downloads per week from the popular JavaScript package manager npm. Malicious versions of the library allowed exploiters to steal private keys and drain funds from dApps like various Solana bots. Around $184,000 was stolen as a result of the compromise. Although it was caught fairly quickly, and the malicious code was removed from package managers, developers will need to update projects that used the malicious version of the library, and refresh any potentially exposed secrets.
Posted on:2024-12-06 01:29:51