Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with an aim to drain their cryptocurrency wallets.
The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm
Source:: The Hackers News