PANews, December 4 - Yu Xian, the founder of SlowMist, issued a warning that versions 1.95.6 and 1.95.7 of the @solana/web3.js library were compromised in a supply chain poisoning incident and contained backdoor code that could steal users' private keys. A new version has been released to fix this security vulnerability, and no major well-known wallets have been found to be affected.
According to reports, there have been real attack cases. Because the malicious versions were discovered and removed within hours of being published, the victims may be third-party private key-related tools or bots that updated their dependency packages promptly. Yu Xian reminds developers to promptly check the versions of the relevant dependency packages used in their projects.
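
One way to carry out the version check described above is to walk the project's npm lockfile, which also lists copies pulled in by other dependencies. This is an added example, not code from SlowMist or the @solana/web3.js project; the function name `findAffected` and the sample lockfile (including the package `example-trading-bot`) are constructed for illustration.

```javascript
// Added example: not code from SlowMist or the @solana/web3.js project.
const PACKAGE_NAME = "@solana/web3.js";
const BAD_VERSIONS = new Set(["1.95.6", "1.95.7"]); // versions named in the report

// Return every install of a flagged version found in a parsed npm lockfile.
function findAffected(lock) {
  const hits = [];
  const check = (name, version, path) => {
    if (name === PACKAGE_NAME && BAD_VERSIONS.has(version)) hits.push({ path, version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    const marker = "node_modules/";
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(marker);
      if (i === -1) continue; // root project or workspace entry
      // meta.name is set when the install path is an alias of another package.
      check(meta.name || path.slice(i + marker.length), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" trees.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + "node_modules/" + name;
        check(name, meta.version, path);
        walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (not real project data): the top-level copy is
// not a flagged version, but a transitive copy under a hypothetical bot is.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@solana/web3.js": { version: "1.95.5" },
    "node_modules/example-trading-bot": { version: "0.3.0" },
    "node_modules/example-trading-bot/node_modules/@solana/web3.js": { version: "1.95.7" },
  },
};

for (const hit of findAffected(SAMPLE_LOCK)) {
  console.log(`flagged ${PACKAGE_NAME}@${hit.version} at ${hit.path}`);
}
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `findAffected`.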