Ars Technica

Backdoor slipped into popular code library, drains ~$155k from digital wallets

Hackers pocketed as much as $155,000 by sneaking a backdoor into a code library used by developers of smart contract apps that work with the cryptocurrency known as Solana. The supply-chain attack ...
CSOonline

Solana SDK backdoored to steal secrets, private keys

Two spoofed versions of the Web3.js library were pushed out to capture private keys and send them to a hardcoded address. The JavaScript-based software development kit (SDK) that allows developers to ...
Benzinga.com

Phantom Safe from Solana Web3.js Bug; Upgrade to 1.95.8 Urged

Phantom, a prominent wallet provider in the Solana ecosystem, has reassured its users that it is unaffected by a critical vulnerability recently discovered in the Solana/web3.js library. The exploit, ...