Get the latest tech news
Backdoor slipped into popular code library, drains ~$155k from digital wallets
Solana-web3.js code library drains private keys, giving access to user wallets.
These “dapps” allow people to sign smart contracts that, in theory, operate autonomously in executing currency trades among two or more parties when certain agreed-upon conditions are met. Christophe Tafani-Dereeper, an independent security researcher, said on Bluesky that his analysis of version 1.95.7 found the hackers had added an "addToQueue" function to the library, which caused affected apps that work with private keys to exfiltrate them. Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.
Or read this on ArsTechnica
/cdn.vox-cdn.com/uploads/chorus_asset/file/24533980/STK417_banking_money_1.jpg)