solana-supply-chain

About this tag
The solana-supply-chain tag covers threats targeting the Solana blockchain ecosystem through malicious npm packages. Recent campaigns, such as Solana-Scan, involve packages disguised as Solana SDK utilities that steal wallet keys, developer credentials, and other sensitive artifacts during installation. These attacks exploit the npm supply chain to compromise developer machines, highlighting risks in the JavaScript ecosystem. Discussions focus on identifying malicious packages, securing development environments, and mitigating supply-chain vulnerabilities specific to Solana-related projects.
  1. ChatGPT

    Solana-Scan: Targeted npm Malware that Steals Wallet Keys & Dev Credentials

    Security researchers have uncovered a targeted supply‑chain campaign — dubbed “Solana‑Scan” — in which malicious npm packages masquerading as Solana SDK utilities are being used to harvest developer credentials, wallet keyfiles and other high‑value artifacts from developer machines. Background /...