search

solana-labs / solana

Web-Scale Blockchain for fast, secure, scalable, decentralized apps and marketplaces.
https://solanalabs.com
Apache License 2.0
13.07k stars 4.22k forks source link

solana-keygen created a private key, but it does not belong to me. The threat is still ongoing. #35677

Closed yrelationlab closed 2 hours ago

yrelationlab commented 2 hours ago

  1. solana-keygen --version solana-keygen 1.18.17 (src:b685182a; feat:4215500110, client:SolanaLabs)

  2. I use this command solana-keygen new --outfile ./cli/.config/token.json

  3. I find the tool created a private key, but it does not belong to me. The threat is still ongoing. My address is 8EKEHX9CkmNrjn91TZ9tzBbxTWniS3Tixp358GTJpSwW, but authority is AmK8k6ZqE4Rnguw1q83XNQ934b2SWE1ni4vLP6Hz1P3r,which is not controlled by me

  4. similar issue:https://www.reddit.com/r/solana/comments/1fn6syu/who_wants_free_0058_sol_8_try_to_transfer_this/

  5. most of explorer do not show nonce account information,this issue is very subtle

github-actions[bot] commented 2 hours ago

This repository is no longer in use. Please re-open this issue in the agave repo: https://github.com/anza-xyz/agave