BTC $62,647.63 +0.17%
ETH $1,762.01 -0.07%
BNB $582.70 +1.84%
XRP $1.12 -1.70%
SOL $80.87 -0.68%
TRX $0.3285 +0.73%
DOGE $0.0764 -0.79%
ADA $0.1874 +5.25%
BCH $237.85 +5.16%
LINK $7.91 -0.24%
HYPE $69.13 -2.55%
AAVE $88.23 -0.13%
SUI $0.7469 -1.51%
XLM $0.1995 -2.06%
ZEC $461.48 -0.39%
BTC $62,647.63 +0.17%
ETH $1,762.01 -0.07%
BNB $582.70 +1.84%
XRP $1.12 -1.70%
SOL $80.87 -0.68%
TRX $0.3285 +0.73%
DOGE $0.0764 -0.79%
ADA $0.1874 +5.25%
BCH $237.85 +5.16%
LINK $7.91 -0.24%
HYPE $69.13 -2.55%
AAVE $88.23 -0.13%
SUI $0.7469 -1.51%
XLM $0.1995 -2.06%
ZEC $461.48 -0.39%

Cosine: Beware of @solana/web3.js supply chain poisoning, the poisoned version has been taken down

2024-12-04 09:08:12
Collection

ChainCatcher message, Slow Mist Yu X stated: "Attention @solana/web3.js supply chain poisoning, known versions 1.95.6 and 1.95.7 contain backdoor code that can steal user private keys. The new version no longer has this risk. Well-known wallets have not found this risk, but real attacks have occurred.

It is speculated that perhaps third-party private key-related tools (including bots) that update dependency packages in a timely manner were affected, as the poisoned versions only lasted a few hours before being discovered and removed. If you are using this package, please be cautious and check."

app_icon
ChainCatcher Building the Web3 world with innovations.