December 5, 2024 at 06:16PM Compromised versions of the @solana/web3.js JavaScript library were distributed via npm, allowing attackers to insert malicious code and steal private keys. The breach affected users during a specific timeframe, resulting in an estimated loss of $130K. Two affected versions have since been unpublished, and investigations are ongoing. ### Meeting Takeaways … Read more
October 31, 2024 at 10:39AM LottieFiles announced that its npm package “lottie-player” was compromised in a supply chain attack, leading to unauthorized, malicious versions that prompted users to connect cryptocurrency wallets. Users of versions 2.0.5, 2.0.6, and 2.0.7 should update to 2.0.8. The company is investigating with an external team. ### Meeting Takeaways – October … Read more
October 31, 2024 at 05:05AM LottieFiles reported malicious code in npm package versions 2.0.5, 2.0.6, and 2.0.7, prompting users to connect cryptocurrency wallets. They released version 2.0.8 to remedy the issue, advising users to upgrade. The malicious activity affected no other services or repositories, while investigations continue into the breach’s impact. ### Meeting Takeaways: 1. … Read more