tl;dr
A significant supply chain attack has impacted the Solana ecosystem, targeting the @solana/web3.js JavaScript library, leading to $160,000 in stolen assets, including SOL tokens and other crypto assets. The breach occurred when a publish-access account for the library on npm was compromised, allowing attackers to publish unauthorized and malicious packages that exfiltrated private keys and drained funds.
The attack affected developers who installed or updated the library between 3:20 PM UTC and 8:25 PM UTC on December 2, particularly those running backend systems or bots that rely on private keys. Phantom, one of the most widely used Solana wallets, confirmed it never used the compromised versions, so its users were not impacted. Prominent voices in the Solana community clarified that the attack did not compromise the Solana blockchain itself, and developers have been urged to update to version 1.95.8 immediately and audit their projects for dependencies on the compromised versions. Hakan Unal, Senior Blockchain Scientist at Cyverse, pointed to the security of third-party dependencies as the critical issue exposed by the attack and called for more rigorous standards.
A significant supply chain attack targeted the @solana/web3.js JavaScript library used by developers to create decentralized applications on the Solana blockchain. Attackers published compromised versions 1.95.6 and 1.95.7, leading to $160,000 in stolen assets, including SOL tokens and other crypto assets. The breach, disclosed by the Solana-focused development team Anza, involved unauthorized releases containing a backdoor that transmitted private key data to an attacker-controlled address. Developers who installed or updated the library between 3:20 PM UTC and 8:25 PM UTC on December 2 were affected. Phantom and other projects confirmed they were not impacted. Developers have been urged to update to version 1.95.8, audit their projects for dependencies on the compromised versions, and rotate and regenerate private keys. The attack is part of a concerning trend of supply chain attacks in the software development industry.
A significant supply chain attack has impacted the Solana ecosystem, targeting the @solana/web3.js JavaScript library, a critical tool that developers rely on to create decentralized applications (dApps) on the Solana blockchain. The library is downloaded more than 350,000 times a week by Solana app developers. Anza, the Solana-focused development team, disclosed the breach on Tuesday: on December 2, attackers compromised an account with publish access to the library on npm and used it to release versions 1.95.6 and 1.95.7, which embedded malicious code that exfiltrated private keys and drained funds. The breach led to $160,000 in stolen assets, including SOL tokens and other crypto assets, according to Solscan data.
The attackers used that publish access to ship unauthorized releases containing a backdoor that read private key material from applications that loaded the library and transmitted it to a hardcoded, attacker-controlled address. The malicious versions were available on npm for several hours before they were removed. Developers who installed or updated the library between 3:20 PM UTC and 8:25 PM UTC on December 2 were affected, particularly those running backend systems or bots that handle private keys directly, since those keys were what the backdoor harvested and then used to drain funds from the affected applications. This is a supply chain attack: rather than attacking each application individually, the attackers tampered with a dependency that many developers pull in automatically, so a single compromised account spread the malicious code widely.
Phantom is not impacted by this vulnerability. Our Security Team confirms that we have never used the exploited versions of @solana/web3.js.
In a public statement, Phantom, one of the most widely used Solana wallets, confirmed it never used the compromised versions of the library, so its users were not impacted. Solflare and other key projects such as Drift and Backpack likewise reassured their communities that they were not affected. The primary victims were developers whose backend code performed private key operations with the affected versions; end users were largely spared. Prominent voices in the Solana community clarified that the attack did not compromise the Solana blockchain itself. In the wake of the breach, developers have been urged to update to version 1.95.8 immediately, audit their projects (including transitive dependencies) for the compromised versions, and rotate and regenerate any private keys that may have been handled by an affected version, since upgrading removes the backdoor but does not recover keys it already exfiltrated. npm has since removed the affected versions, and tools such as Socket have been recommended for detecting compromised or suspicious dependencies. The breach is part of a worrying trend of supply chain attacks in which attackers target widely used software tools to reach a much larger group of victims.
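The audit step recommended above is easy to get wrong if you only look at the version pinned in your own package.json, because a transitive dependency can carry its own copy of @solana/web3.js under a nested node_modules directory. The following is an added example, not code from the article, Anza or the library: a small Node script that walks an npm lockfile in either the lockfileVersion 1 ("dependencies" tree) or lockfileVersion 2/3 ("packages" map) shape and reports every install path that resolves to 1.95.6 or 1.95.7. The lockfiles, the package names "example-bot", "some-sdk" and "other-sdk", and the function names are constructed for the example.

```javascript
// Added example (not the article's, Anza's or @solana/web3.js's own code):
// scan an npm lockfile for the compromised @solana/web3.js releases and report
// every install path that carries one, including nested transitive copies.
// Assumes the standard npm lockfile shapes: lockfileVersion 1 ("dependencies"
// tree) and lockfileVersion 2/3 ("packages" map keyed by install path).

const COMPROMISED = {
  "@solana/web3.js": new Set(["1.95.6", "1.95.7"]),
};

// In v2/v3 lockfiles the package name is whatever follows the last
// "node_modules/" in the key, e.g.
// "node_modules/some-sdk/node_modules/@solana/web3.js" -> "@solana/web3.js".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Returns an array of { name, version, path } for every compromised copy found.
function auditLockfile(lockfile) {
  const findings = [];
  if (lockfile.packages) {
    // v2/v3: flat map of install path -> metadata
    for (const [path, meta] of Object.entries(lockfile.packages)) {
      if (path === "") continue; // the root project entry, not a dependency
      const name = packageNameFromPath(path);
      const bad = COMPROMISED[name];
      if (bad && bad.has(meta.version)) {
        findings.push({ name, version: meta.version, path });
      }
    }
  } else if (lockfile.dependencies) {
    // v1: nested tree, each node may carry its own "dependencies" object
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        const bad = COMPROMISED[name];
        if (bad && bad.has(meta.version)) {
          findings.push({ name, version: meta.version, path });
        }
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lockfile.dependencies, "");
  }
  return findings;
}

// Convenience wrapper for the raw text of package-lock.json.
function auditLockfileText(text) {
  return auditLockfile(JSON.parse(text));
}

// Constructed sample lockfile (v3): a direct dependency on 1.95.7, a transitive
// copy of 1.95.6 under "some-sdk", and a clean 1.95.8 under "other-sdk".
const SAMPLE_LOCK_V3 = {
  name: "example-bot",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-bot", dependencies: { "@solana/web3.js": "^1.95.0" } },
    "node_modules/@solana/web3.js": { version: "1.95.7" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/@solana/web3.js": { version: "1.95.6" },
    "node_modules/other-sdk": { version: "1.0.0" },
    "node_modules/other-sdk/node_modules/@solana/web3.js": { version: "1.95.8" },
  },
};

// Constructed sample lockfile (v1): the top-level copy is clean, but a
// transitive copy under "some-sdk" is compromised.
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    "@solana/web3.js": { version: "1.95.8" },
    "some-sdk": {
      version: "2.0.0",
      dependencies: { "@solana/web3.js": { version: "1.95.6" } },
    },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK_V3)) {
  console.log(`COMPROMISED ${f.name}@${f.version} at ${f.path}`);
}
for (const f of auditLockfile(SAMPLE_LOCK_V1)) {
  console.log(`COMPROMISED ${f.name}@${f.version} at ${f.path}`);
}
```

To run it against a real project, read package-lock.json from disk and pass its contents to auditLockfileText; on an already installed tree, `npm ls @solana/web3.js` gives the same picture of every resolved copy. A clean audit only tells you the backdoor is gone from the current tree: any key that was loaded by an affected version during the window still needs to be rotated.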