// year
Every incident with a disclosure date in 2024, sorted by date.
1 incident indexed
Compromised maintainer publish credentials were used to push two malicious versions of the official @solana/web3.js npm package, embedding a routine that exfiltrated private keys from any wallet using the SDK.
