Solana dev library web3.js compromised to steal private keys
Solana’s web3.js library was compromised yesterday in a supply chain attack that installed malicious packages capable of stealing the private keys of users and draining their funds. The attack was reported by Solana developer @trentdotsol and specifically affected versions 1.95.6 and 1.95.7 of the Solana web3.js library. Since then, a wave of Solana-based developers have come out to confirm they are not impacted by the exploit. Unaffected firms include Solflare, Phantom Wallet, and Helium. Solana’s web3.js is a JavaScript library accessible to developers wanting to build Solana-based apps. Reports suggest that maintainers of the library may have been targeted by a phishing campaign as attackers gained access to the “publish-access account.” anyone using @solana/web3.js, versions 1.95.6 and 1.95.7 are compromised with a secret stealer leaking private keys. if you or your product are using these versions, upgrade to 1.95.8 (1.95.5 is unaffected) if you ...