Solana Web3.js Supply Chain Attack: Hundreds of Thousands Stolen, Limited Impact

December 4, 2024

A supply chain attack targeting the Solana web3.js library has resulted in about $190,000 in stolen funds, though the core Solana protocol and major wallets remain unaffected. While the attack exposed vulnerabilities in the JavaScript library, it did not directly impact user wallets.

Malicious Code Injected into Solana Web3.js Library

The attack focused on versions 1.95.6 and 1.95.7 of the web3.js library, a tool used by Solana developers. Attackers injected malicious code that exposed private keys stored on backend servers, primarily impacting automated JavaScript bots, not user wallets. The Solana protocol itself and popular wallets like Phantom and Coinbase Wallet were not directly affected.

Anza, a Solana-focused research and development firm, reported on X: “A publish-access account was compromised for @solana/web3.js… allowing an attacker to publish unauthorized packages… to steal private key material… from dapps, like bots… This issue should not affect non-custodial wallets.” 

Anza clarified the vulnerability was limited to the “specific JavaScript client library.” The attackers compromised npm publishing credentials, enabling the malicious code injection. These credentials were quickly revoked, limiting the attack window to between 3:20 pm and 8:25 pm UTC on December 2, 2024.

Technical Analysis of the Exploit

P.M. (@p_misirov on X), an information security expert, provided technical insights into the attack, stating that “the supply chain attack on Solana web3.js is another reminder of how critical it is to secure the entire production pipeline.” According to P.M., the maintainers of the library were likely “phished / social-engineered,” giving attackers access to the codebase.

P.M. further explained the technical details of the exploit: “The backdoor inserted in v1.95.7 adds an ‘addToQueue’ function which exfiltrates the private key through seemingly-legitimate CloudFlare headers. Calls to this function are then inserted in various places that (legitimately) access the private key.” This analysis reveals how the malicious code was cleverly disguised within seemingly normal functionality.

On-Chain Analysis and Response

On-chain analysis revealed over $161,000 in SOL and $31,000 in other tokens at the attacker’s address, totaling about $192,000. The Solana Foundation and community responded swiftly. Major wallets and dApps confirmed they were unaffected. Anza urged developers to upgrade to v1.95.8 and rotate any potentially compromised keys.


Swift Response and Containment by Solana Ecosystem

The Solana Foundation and community members responded rapidly to contain the breach and mitigate its impact. Major Solana wallets and dApps confirmed they remained unaffected. 

Anza urged developers to upgrade to the patched version 1.95.8: “We are asking all Solana app developers to upgrade to version 1.95.8. Developers pinned to latest should also upgrade to 1.95.8.” They also recommended rotating any potentially compromised keys as a precautionary measure.


Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
