Solana Web3.js Library Hack Leads to $160K Theft in Supply Chain Attack

Critical security breach: Popular JavaScript library used by Solana developers targeted in supply chain attack

  • Solana's web3.js library versions 1.95.6 and 1.95.7 were compromised in a supply chain attack.
  • Attackers gained access to publish rights and inserted malicious code to steal private keys.
  • Approximately $160,000 in funds were stolen during the five-hour attack window.
  • Major platforms including Solflare, Phantom Wallet, and Helium confirmed they were unaffected.
  • Developers advised to upgrade to version 1.95.8 immediately.

Supply Chain Attack Targets Solana Development Library

A security breach in Solana’s primary JavaScript development library resulted in approximately $160,000 in stolen funds on December 2, highlighting vulnerabilities in cryptocurrency infrastructure.

The compromise affected versions 1.95.6 and 1.95.7 of the web3.js library, a fundamental tool for Solana application developers.

Attack Methodology and Impact

The attackers targeted the library’s publishing system through what investigators believe was a phishing campaign, gaining access to the publish-access account.

They implemented a malicious ‘addToQueue’ function that masqueraded as legitimate Cloudflare headers while extracting private keys from affected applications.

Limited Exposure Window

According to research firm Anza, the vulnerability was active for approximately five hours, from 3:20 PM to 8:25 PM UTC on December 2.

The firm emphasized that the issue was isolated to the JavaScript client library and did not affect the underlying Solana protocol.

Major Platforms Unaffected

Several prominent Solana ecosystem participants, including Solflare, Phantom Wallet, and Helium, confirmed they avoided exposure.

Mitigation Steps

Developers using the Solana web3.js library are advised to immediately upgrade to version 1.95.8. Projects using version 1.95.5 remain unaffected by the exploit.

Blockchain analysis shows the attacker’s wallet accumulated approximately $160,000 during the incident.
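
The version check from the mitigation advice above, as an added example (not code from the article or from the Solana project): it scans a parsed package-lock.json for the two compromised releases, including copies pulled in transitively. The npm package name @solana/web3.js, the sample lockfile contents and the some-wallet-sdk dependency are assumptions constructed for illustration.

```javascript
// Added example: flag the compromised @solana/web3.js releases in a parsed
// package-lock.json. To scan a real project, pass in
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
const PACKAGE = "@solana/web3.js";                 // npm name (assumption, not on the page)
const COMPROMISED = new Set(["1.95.6", "1.95.7"]); // versions named in the article
const FIXED = "1.95.8";                            // upgrade target named in the article

// Handles both lockfile layouts: "packages" (lockfileVersion 2/3, keyed by
// install path) and nested "dependencies" (lockfileVersion 1).
function findCompromised(lock) {
  const hits = [];
  const suffix = "node_modules/" + PACKAGE;
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isTarget = path === suffix || path.endsWith("/" + suffix);
    if (isTarget && COMPROMISED.has(meta.version)) hits.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail + "node_modules/" + name;
      if (name === PACKAGE && COMPROMISED.has(meta.version)) hits.push({ path: here, version: meta.version });
      walk(meta.dependencies, here + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, ""); // v2 files carry both sections
  return hits;
}

function report(lock) {
  const hits = findCompromised(lock);
  if (hits.length === 0) return "OK: no compromised " + PACKAGE + " version locked";
  return hits.map((h) => `AFFECTED ${h.path}@${h.version}: upgrade to ${FIXED}`).join("\n");
}

// Constructed sample lockfiles: the direct dependency is clean, but a
// hypothetical "some-wallet-sdk" pins an affected copy transitively.
const sampleLockV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-dapp", version: "0.1.0" },
  "node_modules/@solana/web3.js": { version: "1.95.8" },
  "node_modules/some-wallet-sdk": { version: "2.0.0" },
  "node_modules/some-wallet-sdk/node_modules/@solana/web3.js": { version: "1.95.7" },
} };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  "@solana/web3.js": { version: "1.95.5" },
  "some-wallet-sdk": { version: "2.0.0",
    dependencies: { "@solana/web3.js": { version: "1.95.6" } } },
} };

console.log(report(sampleLockV3));
console.log(report(sampleLockV1));
```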
