// 토큰 유형
Signing Key이(가) 노출된 인덱싱 사고. 공개 일자 기준 정렬.
4건 인덱싱됨
Compromised maintainer publish credentials were used to push two malicious versions of the official @solana/web3.js npm package, embedding a routine that exfiltrated private keys from any wallet using the SDK.
Two long-unmaintained npm packages — rc and coa, with combined weekly downloads in the tens of millions — were hijacked the same day and shipped credential-harvesting payloads matching ua-parser-js.
An attacker took over the maintainer account of ua-parser-js — a package with ~7M weekly downloads — and shipped versions containing a credential stealer (Windows) and a cryptominer (Linux).
A new maintainer of the popular event-stream npm package added a malicious sub-dependency, flatmap-stream, that exfiltrated cryptocurrency wallet seeds from Copay-derived applications.
