โŒ

Normal view

There are new articles available, click to refresh the page.
Before yesterdayMain stream

Backdoor slipped into popular code library, drains ~$155k from digital wallets

5 December 2024 at 04:35

Hackers pocketed as much as $155,000 by sneaking a backdoor into a code library used by developers of smart contract apps that work with the cryptocurrency known as Solana.

The supply-chain attack targeted solana-web3.js, a collection of JavaScript code used by developers of decentralized apps for interacting with the Solana blockchain. These โ€œdappsโ€ allow people to sign smart contracts that, in theory, operate autonomously in executing currency trades among two or more parties when certain agreed-upon conditions are met.

The backdoor came in the form of code that collected private keys and wallet addresses when apps that directly handled private keys incorporated solana-web3.js versions 1.95.6 and 1.95.7. These backdoored versions were available for download during a five-hour window between 3:20 pm UTC and 8:25 pm UTC on Tuesday.

Read full article

Comments

ยฉ Getty Images

โŒ
โŒ