https://www.bleepingcomputer.com/news/security/solana-web3js-library-backdoored-to-steal-secret-private-keys/

The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets.

Solana offers an SDK called "@solana/web3.js" used by decentralized applications (dApps) to connect and interact with the Solana blockchain.