Solana Web3.js Library Hack Compromises Security and Steals $160K
- Attack compromises web3.js library and steals cryptocurrencies
- Versions 1.95.6 and 1.95.7 have been modified with malicious code
- Updating to version 1.95.8 is essential for security
On December 2, 2024, the @solana/web3.js JavaScript library, widely used in the development of decentralized applications (dApps) based on the Solana blockchain, was compromised. The supply chain attack allowed attackers to introduce malicious code into versions 1.95.6 and 1.95.7, resulting in the theft of private keys and the drain of more than $160,000 in cryptocurrency, according to data from Solscan.
Anyone using @solana/web3.js, versions 1.95.6 and 1.95.7 are compromised with a secret stealer leaking private keys. if you or your product are using these versions, upgrade to 1.95.8 (1.95.5 is unaffected)
if you run a service that can blacklist addresses, do your thing with…
— trent.sol (@trentdotsol) December 3, 2024
The attackers gained access to the credentials of an account with publishing permissions on the npm registry, where the library is hosted. From there, they published altered versions of the library containing the malicious 'addToQueue' function. This function captured private key information and sent it to a server controlled by the attackers, disguising the traffic in seemingly legitimate Cloudflare headers.
At the time of publication, Solana's price was quoted at $230.19, up 2.5% in the last 24 hours.
Community Impact and Response
The attack was quickly identified and the compromised versions were removed from npm within five hours. A clean update, version 1.95.8, was published to replace the affected versions. The incident primarily affected developers who updated to the compromised versions during the time frame of 3:20 PM UTC to 8:25 PM UTC on December 2.
Steven Luscher, one of the library’s maintainers, clarified that “this is not an issue with the Solana protocol, but rather with a specific JavaScript client library.” He emphasized that the incident was limited to projects that directly handle private keys, such as bots and backend systems. Non-custodial wallets such as Phantom and Solflare confirmed that they were not impacted, reassuring their users about the safety of their funds.
Recommended Safety Measures
Supply chain attacks like this one demonstrate the risk of relying on external dependencies without regular audits. The Solana community has urged developers to immediately update to version 1.95.8 and conduct a thorough review of their projects, especially those that rely on older versions of the library. It is also recommended that any potentially compromised private keys be rotated.
Practices such as maintaining an audited dependency list, utilizing integrity checking tools, and performing regular updates are essential to mitigate similar attacks. This type of attack not only threatens developers, but also end users who rely on the security of Solana blockchain-based platforms.