Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library
Briefly

These compromised versions contain injected malicious code that is designed to steal private keys from unsuspecting developers and users, potentially enabling attackers to drain cryptocurrency wallets.
The backdoor inserted in v1.95.7 adds an 'addToQueue' function that exfiltrates the private key through seemingly legitimate CloudFlare headers. Calls to this function are then inserted in various places that (legitimately) access the private key.
A publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dApps. This allowed an attacker to publish unauthorized and malicious packages.
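To check whether a project resolved the backdoored release, including copies pulled in transitively, the lockfile can be searched for it. The following is an added example, not code from the article or from the @solana/web3.js project; the sample lockfiles, the `wallet-helper` package name and the `0.0.0-example` version are constructed, and only v1.95.7 is flagged because it is the only version this page names.

```javascript
// Added example, not code from @solana/web3.js or the article.
const PACKAGE = "@solana/web3.js";
// Only v1.95.7 is named on this page; extend the set from the official advisory.
const FLAGGED_VERSIONS = new Set(["1.95.7"]);

// Return every place a parsed package-lock.json resolves PACKAGE to a flagged
// version, including copies nested under other dependencies.
function findFlagged(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (name === PACKAGE && FLAGGED_VERSIONS.has(version)) hits.push({ where, version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      // meta.name is set for aliased installs; otherwise derive it from the path.
      check(meta.name || path.split("node_modules/").pop(), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(" > "));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfiles ("wallet-helper" and "0.0.0-example" are made up).
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "0.1.0" },
    "node_modules/@solana/web3.js": { version: "0.0.0-example" },
    "node_modules/wallet-helper/node_modules/@solana/web3.js": { version: "1.95.7" },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "wallet-helper": { version: "2.0.0", dependencies: { "@solana/web3.js": { version: "1.95.7" } } },
  },
};

for (const lock of [SAMPLE_LOCK_V3, SAMPLE_LOCK_V1]) console.log(findFlagged(lock));
```

In a real project, pass the function the result of `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`; any hit means private keys handled by that build should be treated as exposed.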
Read at The Hacker News