Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address.

  • treadful@lemmy.zip
    21 days ago

    “Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps,” Anza said in a tweet on Wednesday. “This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly.”

    yeesh.