A recent supply chain attack targeted the popular @solana/web3.js npm library, putting developers and cryptocurrency users at risk. On December 2, 2024, attackers published malicious versions 1.95.6 and 1.95.7 of the library; the injected code harvested private keys so that the attackers could drain the associated funds. The compromised versions have since been unpublished from the npm registry.
The attackers compromised an account with publish access to the package, reportedly through phishing or similar social engineering, and used it to inject malicious code into the published releases. That code exfiltrated private keys to a server under their control, sol-rpc[.]xyz, a domain registered just days before the attack. Security researcher Christophe Tafani-Dereeper identified a backdoor function called “addToQueue” that was wired into the package’s key-handling code paths and forwarded the keys it saw to that server.
Projects that directly handled private keys and installed or updated their dependencies during the roughly five-hour window in which the two versions were live were exposed. This includes decentralized applications (dApps) and automated bots that load private keys to sign transactions, and it also covers any CI build or deployment that resolved a semver range such as ^1.95.0 during that window, since such a build could pull in 1.95.6 or 1.95.7 with no change to package.json. Non-custodial wallets, which do not expose private keys to the library during transactions, remained unaffected. The stolen assets, primarily SOL tokens, are estimated at between $130,000 and $160,000. Major wallets such as Phantom and Coinbase confirmed that they were not impacted because they never incorporated the compromised versions.
To prevent further attacks, developers are advised to audit their lockfiles and installed dependency trees, not just the version ranges declared in package.json, for @solana/web3.js versions 1.95.6 or 1.95.7 (including transitive copies nested under other packages), to upgrade to version 1.95.8 immediately, and to rotate any key that was handled by a process running one of the compromised versions, treating it as compromised rather than merely suspect. This incident underscores the ongoing weaknesses in open-source software supply chains and follows similar breaches targeting cryptocurrency wallets.
The attack is a reminder of the importance of robust supply chain security, particularly as cryptocurrency ecosystems continue to expand. Security programs need to go beyond traditional vulnerability management and take a proactive view of the risk posed by third-party components, including what those components actually do at runtime, not just which versions are installed. Extra vigilance when managing dependencies in high-risk environments, such as pinning versions, reviewing lockfile changes and limiting where private keys are loaded, is essential to reduce the impact of future supply chain attacks.