Solana SDK backdoored to steal secrets, private keys (www.csoonline.com)
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 05 Dec 16:41
https://lemmy.zip/post/27481705

Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address.

#cybersecurity

threaded - newest

sic_semper_tyrannis@lemmy.today on 05 Dec 16:58 next collapse

And I just listened to Darknet Diaries latest episode on how someone had stolen tons of Solana

treadful@lemmy.zip on 05 Dec 19:17 collapse

“Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps,” Anza said in a tweet on Wednesday. “This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly.”

yeesh.