BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up
HomeNews

Solana Web3.js Library Hack Leads to $160K Theft in Supply Chain Attack

Critical security breach: Popular JavaScript library used by Solana developers targeted in supply chain attack

Pavlos Giorkas
By Pavlos Giorkas
123
  • Solana‘s web3.js library versions 1.95.6 and 1.95.7 were compromised in a supply chain attack.
  • Attackers gained access to publish rights and inserted malicious code to steal private keys.
  • Approximately $160,000 in funds were stolen during the five-hour attack window.
  • Major platforms including Solflare, Phantom Wallet, and Helium confirmed they were unaffected.
  • Developers advised to upgrade to version 1.95.8 immediately.

Supply Chain Attack Targets Solana Development Library

A security breach in Solana’s primary JavaScript development library resulted in approximately $160,000 in stolen funds on December 2, highlighting vulnerabilities in cryptocurrency infrastructure.

- Advertisement -

The compromise affected versions 1.95.6 and 1.95.7 of the web3.js library, a fundamental tool for Solana application developers.

Attack Methodology and Impact

The attackers targeted the library’s publishing system through what investigators believe was a phishing campaign, gaining access to the publish-access account.

They implemented a malicious ‘addToQueue’ function that masqueraded as legitimate Cloudflare headers while extracting private keys from affected applications.

Limited Exposure Window

According to research firm Anza, the vulnerability was active for approximately five hours, from 3:20 PM to 8:25 PM UTC on December 2.

- Advertisement -

The firm emphasized that the issue was isolated to the JavaScript client library and did not affect the underlying Solana protocol.

Major Platforms Unaffected

Several prominent Solana ecosystem participants confirmed they avoided exposure:

Mitigation Steps

Developers using the Solana web3.js library are advised to immediately upgrade to version 1.95.8. Projects using version 1.95.5 remain unaffected by the exploit.

Blockchain analysis shows the attacker’s wallet accumulated approximately $160,000 during the incident.

✅ Follow BITNEWSBOT on Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

News

Aave moves to block law firm’s freeze of Kelp DAO exploit funds

DeFi giant Aave filed an emergency motion on Monday in a New York court...
News

Theta Labs Adds Alibaba Cloud, Expands AI to Twitch in April

Theta EdgeCloud now offers developers a 5% rebate in TDROP tokens on all GPU...
News

World Liberty Financial Sues Justin Sun for Defamation

World Liberty Financial filed a defamation lawsuit against Justin Sun in Florida, escalating a...
News

Court to Rule on North Korea-Linked Crypto From Kelp Hack

A legal battle over $71 million in crypto seized from North Korean Hackers will...
News

OpenMythos Publishes Open-Source “Claude Mythos” Clone

Developer Kye Gomez has published OpenMythos, an open-source architectural guess at Anthropic's unreleased Claude...

Must Read

Guides

26 Best Investment Audiobooks on Audible

Looking to expand your financial knowledge? Me too..When I first started investing, I was completely lost. There were so many terms, strategies, and theories...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading