Critical Alert: Hackers Target Millions by Injecting Backdoor into Solana’s Web3.js Library

Security Alert: Malicious Versions of Solana Web3.js NPM Package Detected

A critical software supply chain attack has been discovered targeting the @solana/web3.js npm library, affecting versions 1.95.6 and 1.95.7. The compromised versions, which have since been removed from the npm registry, contained malicious code designed to steal cryptocurrency wallet private keys.

Key Points:
– The package receives over 400,000 weekly downloads
– Affected versions: 1.95.6 and 1.95.7
– Attack window: December 2, 2024, 3:20-8:25 PM UTC
– Malicious code exfiltrated private keys through Cloudflare headers to sol-rpc[.]xyz
– Attack likely resulted from a phishing compromise of package maintainer accounts

Impact:
– Only affects projects directly handling private keys
– Non-custodial wallets generally unaffected
– Projects using the library as a dependency are at risk

Remediation Steps:
1. Update to the latest version (1.95.8)
2. Rotate authority keys if a potential compromise is suspected

This incident follows recent discoveries of other malicious Solana-themed packages, highlighting ongoing security concerns in the open-source ecosystem.