- Solana‘s web3.js library versions 1.95.6 and 1.95.7 were compromised in a supply chain attack.
- Attackers gained access to publish rights and inserted malicious code to steal private keys.
- Approximately $160,000 in funds were stolen during the five-hour attack window.
- Major platforms including Solflare, Phantom Wallet, and Helium confirmed they were unaffected.
- Developers advised to upgrade to version 1.95.8 immediately.
Supply Chain Attack Targets Solana Development Library
A security breach in Solana’s primary JavaScript development library resulted in approximately $160,000 in stolen funds on December 2, highlighting vulnerabilities in cryptocurrency infrastructure.
The compromise affected versions 1.95.6 and 1.95.7 of the web3.js library, a fundamental tool for Solana application developers.
Attack Methodology and Impact
The attackers targeted the library’s publishing system through what investigators believe was a phishing campaign, gaining access to the publish-access account.
They implemented a malicious ‘addToQueue’ function that masqueraded as legitimate Cloudflare headers while extracting private keys from affected applications.
Limited Exposure Window
According to research firm Anza, the vulnerability was active for approximately five hours, from 3:20 PM to 8:25 PM UTC on December 2.
The firm emphasized that the issue was isolated to the JavaScript client library and did not affect the underlying Solana protocol.
Major Platforms Unaffected
Several prominent Solana ecosystem participants confirmed they avoided exposure:
- Solflare wallet services
- Phantom Wallet infrastructure
- Helium network operations
Mitigation Steps
Developers using the Solana web3.js library are advised to immediately upgrade to version 1.95.8. Projects using version 1.95.5 remain unaffected by the exploit.
Blockchain analysis shows the attacker’s wallet accumulated approximately $160,000 during the incident.
✅ Follow BITNEWSBOT on Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Bitcoin Sell Wall Looms at $100K as Holders Rush to Cash In on 40% Rally
- Monero Hits 18-Month High as Privacy Coins Rally on Tornado Cash Ruling
- Musk Backs Trump’s Bitcoin Plan as U.S. Debt Hits $36 Trillion
- Congressman’s Ski Mask Dog Token Purchase Sparks 116% Rally After Tweet
- Bitcoin ETF Inflows Double to $676M as BlackRock’s Fund Dominates Market
