Solana supply chain attack contained, but users face six-figure losses

Share This Post

A supply chain attack on the Solana network ecosystem was quickly contained during the past day.

On Dec. 3, Anza, a Solana-focused development team, revealed that an account with publish access to the solana/web3.js JavaScript library was compromised.

This allowed the attacker to inject unauthorized packages containing malicious code that stole private key information and drained funds from decentralized applications (dApps) that interact with private keys.

Solana blockchain safe

The attack did not affect non-custodial wallets, as these wallets do not expose private keys during transactions. Developers clarified that the issue is specific to the JavaScript client library and does not involve the Solana protocol.

A staunch Solana advocate, Mert Mumtaz, reassured the community that the attack was contained while pointing out that the incident had “nothing to do with the security of the [Solana] blockchain itself.”

He also explained that the issue mainly impacted developers who had updated their systems within a short time window, specifically those running JavaScript bots or similar backend systems using private keys. End-users and wallets were largely unaffected, as they do not expose private keys.

Meanwhile, several Solana-based projects, including Phantom and the Backpack exchange, confirmed that the exploit did not impact them.

Phantom, the most popular Solana wallet, emphasized that they had never used the compromised versions of @solana/web3.js, ensuring their users’ security remained intact.

Six-figure loss

While the attack was promptly contained, the pseudonymous developer of DeFiLlama 0xngmi reported that some investors lost six figures due to the incident.

On-chain data suggest that the malicious attack resulted in an estimated $160,000 in stolen assets, primarily in SOL. The attacker’s address held over $161,000 worth of SOL and additional tokens valued at over $31,000.

While the loss is significant, 0xngmi believes the damage could have been far worse. He explained that the hacker’s direct targeting of private keys may have limited the attack’s potential as a more sophisticated exploit, such as the one seen in last year’s Ledger hardware wallet compromise, could have been far more destructive.

In that incident, attackers replaced a legitimate library with a malicious one, resulting in losses exceeding $610,000

The post Solana supply chain attack contained, but users face six-figure losses appeared first on CryptoSlate.

Read Entire Article
spot_img
- Advertisement -spot_img

Related Posts

B2BROKER’s B2TRADER Gets a Major Update with C-Book Routing, Flexible Markups, and Mobile Trading

PRESS RELEASE B2BROKER has released a new version of its multi-asset and multi-market trading platform, B2TRADER The latest release, B2TRADER 22, introduces significant improvements designed to

6 Must-Grab Picks: Crypto Fans Are Flocking to the Best Crypto Presale of the Year Promising Mind-Blowing Returns!

The post 6 Must-Grab Picks: Crypto Fans Are Flocking to the Best Crypto Presale of the Year Promising Mind-Blowing Returns! appeared first on Coinpedia Fintech News Have you ever wondered why

$TRUMP Coin Predicted to Hit $50, While Ozak AI Aims to Reach $1 Before Dogecoin

The post $TRUMP Coin Predicted to Hit $50, While Ozak AI Aims to Reach $1 Before Dogecoin appeared first on Coinpedia Fintech News The $TRUMP Coin, a cryptocurrency associated with the 45th President

Uniswap’s Nemesis 1FUEL Launches Taking Big Investment From NEAR Protocol Holders In January

The post Uniswap’s Nemesis 1FUEL Launches Taking Big Investment From NEAR Protocol Holders In January appeared first on Coinpedia Fintech News Over the years, Uniswap and NEAR Protocol have

China’s 194,000 Bitcoin Completely Sold, Claims CryptoQuant CEO

CryptoQuant CEO and founder Ki Young Ju has stated that Chinese authorities have already liquidated a massive trove of BTC originally tied to the PlusToken scam Posting on X (formerly Twitter) on

Solana Price Prediction Today (24th January 2025)

The post Solana Price Prediction Today (24th January 2025) appeared first on Coinpedia Fintech News The cryptocurrency market has achieved another huge milestone as Donald Trump, President of the