A recent supply chain attack has targeted the widely used @solana/web3.js npm library, putting developers and cryptocurrency users at risk. The malicious versions, 1.95.6 and 1.95.7, were briefly published on December 2, 2024, but have since been removed. The attackers targeted the library’s maintainers, likely through phishing, which allowed them to inject malicious code. The injected code exfiltrated private keys to an attacker-controlled server, sol-rpc[.]xyz, which was registered days before the breach.
Security researcher Christophe Tafani-Dereeper identified a backdoor function called “addToQueue” within the compromised package, which hijacked key-sensitive processes. Projects that directly handled private keys and updated their dependencies during the five-hour attack window were affected. These include decentralized applications (dApps) and automated bots that rely on private keys to operate. Non-custodial wallets, which do not expose private keys during transactions, were not impacted. The stolen assets, primarily in SOL tokens, are estimated to total between $130,000 and $160,000. Major wallets like Phantom and Coinbase confirmed they were unaffected as they did not integrate the compromised versions.
To prevent further risks, Solana Labs and other experts recommend that developers audit their dependencies to identify usage of the affected versions and update to version 1.95.8 immediately. Developers are also advised to rotate keys, including multi-sigs and program authorities, if compromise is suspected. This incident highlights the vulnerabilities in open-source software supply chains, following previous npm package breaches targeting cryptocurrency wallets.
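One way to carry out the dependency audit described above is to scan a parsed `package-lock.json` for direct, transitive, or aliased installs of the two malicious versions. This is an added example, not code from Solana Labs or the researchers named here; the sample lockfiles are constructed, and the package names `my-dapp`, `trading-bot-sdk` and `sol` are hypothetical.

```javascript
// Malicious versions named in the article; 1.95.8 is the fixed release.
const AFFECTED = new Set(["1.95.6", "1.95.7"]);
const PKG = "@solana/web3.js";

// Return every install of an affected version found in a parsed package-lock.json.
// Covers lockfileVersion 2/3 ("packages" map) and lockfileVersion 1 (nested "dependencies").
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    // Keys are install paths, e.g. "node_modules/a/node_modules/@solana/web3.js".
    // An npm alias installs under another folder but records the real name in "name".
    for (const [path, meta] of Object.entries(lock.packages)) {
      const isPkg = path.endsWith("node_modules/" + PKG) || (path !== "" && meta.name === PKG);
      if (isPkg && AFFECTED.has(meta.version)) hits.push({ path, version: meta.version });
    }
    return hits; // v2 files mirror this data in "dependencies"; do not count twice
  }
  // lockfileVersion 1: walk the tree so transitive copies are not missed.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === PKG && AFFECTED.has(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles; "trading-bot-sdk" and "sol" are hypothetical names.
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-dapp", version: "0.1.0" },
    "node_modules/@solana/web3.js": { version: "1.95.8" },
    "node_modules/trading-bot-sdk": { version: "2.0.0" },
    "node_modules/trading-bot-sdk/node_modules/@solana/web3.js": { version: "1.95.7" },
    "node_modules/sol": { name: "@solana/web3.js", version: "1.95.6" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "trading-bot-sdk": { version: "2.0.0", dependencies: { "@solana/web3.js": { version: "1.95.6" } } },
    "@solana/web3.js": { version: "1.95.5" },
  },
};

console.log(findAffected(sampleV3), findAffected(sampleV1));
```

Against a real project, pass the result of `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`; any hit means the keys handled by that build should be treated as exposed and rotated.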
While major wallets remained unharmed, smaller dApps and tools integrated with the compromised library were exposed. Security firm Socket emphasized the need for increased vigilance when managing dependencies in high-risk environments. This attack underscores the importance of robust supply chain security as cryptocurrency ecosystems continue to expand.
In response to the growing threat of supply chain attacks, security programs must evolve beyond traditional vulnerability management. A proactive approach that focuses on understanding the risks posed by software components and their behaviors at runtime will be crucial for effectively managing third-party software risk and securing the software supply chain.

