Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Backdoor slips into popular code library, drains ~$155k from digital wallets

⁨46⁩ ⁨likes⁩

Submitted ⁨⁨4⁩ ⁨weeks⁩ ago⁩ by ⁨misk@sopuli.xyz⁩ to ⁨technology@lemmy.world⁩

https://arstechnica.com/information-technology/2024/12/backdoor-slips-into-popular-code-library-drains-155k-from-digital-wallets/

source

Comments

Sort:hotnewtop
  • dhork@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

    Socket, a security firm that helps detect supply-chain attacks, said the back door is “believed to be the result of a social engineering/phishing attack targeting maintainers of the official Web3.js open source library maintained by Solana.”

    That’s super interesting. From the sound of it, the Maintainers must have been targeted to force a malicious Pull Request to be accepted. That article showed some of the code from the commit. I am not a Solana developer but understood enough to know what it was doing and that no maintainer should have approved it willingly.

    I wonder if those maintainers will end up having any liability for the hack.

    source
  • demesisx@infosec.pub ⁨4⁩ ⁨weeks⁩ ago

    Solana! 😂😂

    source
    • dhork@lemmy.world ⁨4⁩ ⁨weeks⁩ ago

      It truly is SOL

      source
  • NGnius@lemmy.ca ⁨4⁩ ⁨weeks⁩ ago

    Victims are all SOL, in more ways than one

    source