According to Wu's report, based on information from Yu Xian, the founder of Slow Mist, versions 1.95.6 and 1.95.7 of @solana/web3.js have been found to have supply chain poisoning issues, with embedded backdoor code that can steal user private keys. Although these two versions were only active for a few hours before being removed, real attack incidents have already occurred. Currently, this risk has not been found in well-known wallets, but it may affect third-party private key management tools or automated bot users that do not update their dependencies in a timely manner. It is recommended that relevant developers immediately check if they are using the affected versions and update to the latest secure version.