December 4, 2024 at 12:33PM The Solana JavaScript SDK was compromised in a supply chain attack, enabling the theft of cryptocurrency private keys through malicious code in versions 1.95.6 and 1.95.7 of the library. Developers are urged to update to version 1.95.8 and rotate keys to safeguard their assets. Stolen assets are valued at approximately … Read more
December 4, 2024 at 06:33AM This week, developers unknowingly downloaded compromised versions of the Solana Web3.js library, allowing attackers to steal private keys and drain funds. The malicious versions were available for five hours. Users are advised to update to the clean version and reset all credentials, as their systems may be compromised. ### Meeting … Read more
December 4, 2024 at 05:06AM Cybersecurity researchers have identified a software supply chain attack targeting the @solana/web3.js npm library, with malicious versions 1.95.6 and 1.95.7 designed to steal users’ private keys and drain cryptocurrency wallets. Affected users are advised to update their versions and potentially rotate their authority keys. ### Meeting Takeaways – December 4, … Read more
September 18, 2024 at 03:12PM Numerous high-profile X accounts were hacked to promote the $HACKED Solana token, leading to a successful pump-and-dump scheme. Accounts with large followings, including MoneyControl and People Magazine, were compromised to post about the token. The cyberattack significantly boosted the token’s market value, but the situation is evolving, and the method … Read more
January 11, 2024 at 04:01AM Mandiant’s X account was compromised by a brute-force attack, enabling the intruder to spread a cryptocurrency drainer called CLINKSINK. The attack targeted Solana cryptocurrency users and utilized phishing pages to redirect victims to approve fraudulent transactions. This incident reflects a growing trend of financially motivated threat actors targeting cryptocurrency assets … Read more
October 12, 2023 at 09:57AM A malicious package named Pathoschild.Stardew.Mod.Build.Config has been found on the NuGet package manager. It delivers a remote access trojan called SeroXen RAT. The package is a typosquat of a legitimate package and has artificially inflated its download count to over 100,000. The profile behind the package has published six other … Read more