Hackers compromised the JavaScript library @solana/web3.js, a critical tool used by developers to build decentralized applications on the Solana blockchain. The breach was reported by analysts at Anza.
Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and…
— Anza (@anza_xyz) December 3, 2024
On December 2, the attackers gained access to the account maintaining the library. They tampered with versions 1.95.6 and 1.95.7, embedding malicious code designed to extract private keys and drain funds from protocols.
Projects or systems that installed these versions unknowingly exposed themselves to exploitation. According to data from Solscan, the attack resulted in losses of approximately $160,000 in digital assets.
Scope of the Exploit
Anza clarified that the exploit did not target the Solana network itself but rather the developer library. The malicious code only affected applications that directly handle private keys, such as bots. However, Anza has not disclosed the identities of the affected projects.
Developer Response
Experts urged all Solana developers to update their JavaScript libraries to the latest versions.
The team behind the Phantom crypto wallet reassured users that they had never integrated the compromised library versions, ensuring user funds remained safe.
Phantom is not impacted by this vulnerability. Our Security Team confirms that we have never used the exploited versions of @solana/web3.js https://t.co/9wHZ4cnwa1
— Phantom (@phantom) December 3, 2024
Other major projects, including Solflare, Drift, and Backpack, also confirmed they were unaffected by the attack.
Context and Broader Impact
Earlier, the XT exchange suffered a breach where hackers stole $1.7 million in assets.
As of Q3 2024, the crypto industry had recorded losses totaling $753 million across 155 incidents involving hacks, exploits, and scams, reflecting ongoing vulnerabilities within the space.
Takeaway
This incident underscores the importance of vigilant library management and rapid response measures in maintaining the security of blockchain ecosystems.