Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Damage likely limited to those running bots with private key access

Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven Luscher....