Backdoor slips into popular code library, drains ~$155k from digital wallets

Solana JavaScript SDK backdoored to steal keys, funds

Damage likely limited to those running bots with private PKI access

Backdoor slips into popular code library, drains ~$155k from digital wallets

Solana-web3.js code library drains private keys giving access to user wallets.

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project maintainer Steven Luscher. . . .

The @Solana/web3.js Incident: Another Wake-Up Call for Supply Chain Security

On December 2, 2024, the Solana community faced a significant security incident involving the @solana/web3.js npm package, a critical library for developers building on the Solana blockchain with over 450K weekly downloads. This blog post aims to break down the attack flow, explore how it happened, and discuss the importance of supply chain security. What happened? The incident focused on versions 1.95.6 and 1.95.7 of the @solana/web3.js library…

Phantom wallet is safe from the Solana supply chain attack

Phantom wallet is safe, despite speculations it may have been compromised as part of a Solana supply chain attack. Solana users were exposed after malicious code was injected into a Web3 JS library for Solana.  Phantom wallet announced that it was not affected by the Solana supply chain attack, which was discovered in one of the open-source Web3 libraries. The wallet did not report any exploits on its side, although an unknown number of users ma…

Solana SDK backdoored to steal secrets, private keys

The JavaScript-based software development kit (SDK) that allows developers to interact with the Solana Blockchain has suffered a supply chain attack aimed at crypto theft. Solana Web3.js library, which provides APIs for sending transactions, managing accounts, querying blockchain data, and interacting with smart contracts, was backdoored to retrieve private keys. The attack was first reported by Anza, a Solana-focused research and development fi…