The well-known @solana/web3.js library has been compromised in a supply chain attack.Two malicious versions of the library were posted on the official npm registry on December 2, 2024.The malicious code stole private keys from developers and users, putting cryptocurrency wallets at risk.Developers are advised to rotate their private keys and update to Solana Web3.js version 1.95.8 immediately.