
Hackers Exploit Solana Developers via JavaScript Library Compromise
Attackers have compromised the JavaScript library @solana/web3.js, a crucial tool for developers building decentralized applications on the Solana blockchain, according to analysts at Anza.
Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and…
— Anza (@anza_xyz) December 3, 2024
On December 2, hackers gained access to the account maintaining the library. They compromised versions 1.95.6 and 1.95.7, embedding malicious code that extracted private keys and siphoned funds from protocols.
Projects or systems that downloaded and integrated these files unwittingly became vulnerable to the exploit.
The incident resulted in the theft of digital assets worth approximately $160,000, according to data from Solscan.
The Anza team stated that the exploit is not related to the Solana network itself, but only to the developer library. The malicious code could only attack applications that directly handle private keys, such as those using bots. However, the company did not disclose the victims of the attack.
Experts have urged all Solana developers to update their JavaScript libraries to the latest version.
The Phantom wallet team said it has never used the compromised library versions and that user funds are safe.
Phantom is not impacted by this vulnerability.
Our Security Team confirms that we have never used the exploited versions of @solana/web3.js https://t.co/9wHZ4cnwa1
— Phantom (@phantom) December 3, 2024
Solflare, Drift, and Backpack took the same stance.
Earlier, the XT exchange was hacked, with perpetrators stealing assets worth $1.7 million.
In the third quarter of 2024, losses in the crypto industry from 155 cases of hacks, exploits, and fraud amounted to $753 million.