·CRITICAL8.4·confirmed
@solana/web3.js Private Key Exfiltration (2024)
Compromised maintainer publish credentials were used to push two malicious versions of the official @solana/web3.js npm package, embedding a routine that exfiltrated private keys from any wallet using the SDK.
벡터 / npm supply chain플랫폼 / npm분량 / 5분
