Bleeping Computer

Latest Web3.js news

The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain ...
Benzinga.com

Phantom Safe from Solana Web3.js Bug; Upgrade to 1.95.8 Urged

Phantom, a prominent wallet provider in the Solana ecosystem, has reassured its users that it is unaffected by a critical vulnerability recently discovered in the Solana/web3.js library. The exploit, ...
heise online

Supply chain attack: Solana web3.js library was infected with malicious code

Anyone who has recently downloaded the JavaScript SDK web3.js from Solana from the package manager npm may have picked up malicious code. The origin is probably a phishing attack on maintainers of the ...
CSOonline

Solana SDK backdoored to steal secrets, private keys

Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address. The JavaScript-based software development kit (SDK) that allows developers to ...