Security News > 2024 > December > Solana’s popular web3.js library backdoored in supply chain compromise

Solana’s popular web3.js library backdoored in supply chain compromise
2024-12-04 15:50

A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible due to compromised (phished) npm.js account credentials. What happened? “Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana [decentralized apps]. This allowed an attacker to publish unauthorized and malicious packages … More → The post Solana’s popular web3.js library backdoored in supply chain compromise appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/12/04/solana-web3-js-supply-chain-compromise/