Original link: Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library / TheHackerNews.
Ouch.