CyberSecurity updates
2025-01-31 09:34:39 Pacific

Malicious npm Packages Steal Solana Keys - 9d

Multiple malicious npm packages have been discovered targeting Solana private keys. These packages, including ‘@async-mutex/mutex’, ‘dexscreener’, ‘solana-transaction-toolkit’, and ‘solana-stable-web-huks’, use typosquatting to appear legitimate while secretly stealing and exfiltrating private keys via Gmail SMTP. This poses a substantial risk to users of Solana wallets.

Malicious Code Found in Solana's Popular web3.js npm Library - 22d

A supply chain attack compromised versions 1.95.6 and 1.95.7 of the @solana/web3.js npm library, a critical JavaScript tool used for Solana blockchain applications. Malicious code inserted into the library could steal private keys, potentially leading to cryptocurrency theft. The compromise affected numerous applications and individual wallets, highlighting the risks of software supply chain attacks in the cryptocurrency space. Developers are urged to upgrade or downgrade the library to avoid compromise.
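One way to check a project for the packages and versions named in the two items above is to scan its package-lock.json. This is an added example, not code from the reports summarized here; `classify`, `findFlagged` and the sample lockfile (including `some-lib` and `bs58`) are constructed for illustration, and only the flagged names and versions come from this page.

```javascript
const BAD_VERSIONS = { '@solana/web3.js': ['1.95.6', '1.95.7'] };
const BAD_NAMES = ['@async-mutex/mutex', 'dexscreener',
  'solana-transaction-toolkit', 'solana-stable-web-huks'];
const NM = 'node_modules/';

function classify(name, version) {
  if (BAD_NAMES.includes(name)) return 'package reported as malicious';
  if ((BAD_VERSIONS[name] || []).includes(version)) return 'compromised version';
  return null;
}

// Returns [{ name, version, where, reason }] for every flagged lockfile entry.
function findFlagged(lock) {
  const hits = [];
  const record = (name, version, where) => {
    const reason = classify(name, version);
    if (reason) hits.push({ name, version, where, reason });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, transitive deps included.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '') continue; // root project entry
      const i = path.lastIndexOf(NM);
      const name = entry.name || (i >= 0 ? path.slice(i + NM.length) : path);
      record(name, entry.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree keyed by package name.
    const walk = (deps, trail) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        const where = trail.concat(name).join(' > ');
        record(name, entry.version, where);
        walk(entry.dependencies, trail.concat(name));
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  packages: {
    '': { name: 'demo-app', version: '0.1.0' },
    'node_modules/@solana/web3.js': { version: '1.95.7' },
    'node_modules/bs58': { version: '5.0.0' },
    'node_modules/some-lib/node_modules/dexscreener': { version: '1.0.0' },
  },
};
console.log(findFlagged(sampleLock));
```

To scan a real project, pass `JSON.parse` of its package-lock.json to `findFlagged`; a hit on a transitive dependency shows the install path or dependency chain that pulled it in.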