Will the Solana Web3.js supply chain attack be fully mitigated by March 31, 2025?
Yes • 50%
No • 50%
Official announcements from Solana or security organizations like @_SEAL_Org
Solana Web3.js Library Versions 1.95.6, 1.95.7 Compromised in Supply Chain Attack
Dec 3, 2024, 10:38 PM
A critical security breach has been identified in @solana/web3.js, the popular Solana JavaScript library used for connecting Solana-related technologies to blockchain nodes. Versions 1.95.6 and 1.95.7 of the library were compromised in a supply chain attack that injected malicious code, referred to as a secret stealer, which leaks private keys to a remote server and enables attackers to drain cryptocurrency wallets. Developers and users relying on these versions are advised to upgrade to version 1.95.8 immediately; version 1.95.5 remains unaffected. Security organizations, including @_SEAL_Org, flagged the issue promptly, and the crypto security community has shared guidance on identifying potential impacts. Services capable of blacklisting affected addresses have been urged to act. The incident underscores the risks associated with supply chain vulnerabilities in widely used software libraries.
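To check a project against the versions named above, this added example (not code from Solana or from the original story) scans a parsed package-lock.json for direct or transitive installs of @solana/web3.js 1.95.6 or 1.95.7. The function name and the sample lockfile are constructed for illustration.

```javascript
// Versions this page reports as compromised; 1.95.5 and 1.95.8 are not flagged.
const PKG = "@solana/web3.js";
const BAD_VERSIONS = new Set(["1.95.6", "1.95.7"]);

// Return every install of PKG at a bad version found in a parsed package-lock.json.
// Covers lockfileVersion 2/3 ("packages" map keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
function findCompromised(lock) {
  const hits = [];
  const seen = new Set(); // v2 lockfiles list each install in both sections
  const record = (where, version) => {
    if (BAD_VERSIONS.has(version) && !seen.has(where)) {
      seen.add(where);
      hits.push({ where, version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Transitive copies appear as ".../node_modules/@solana/web3.js".
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      record(path, meta.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      if (name === PKG) record(where, meta.version);
      walk(meta.dependencies, `${where}/`); // nested installs of this package
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: the app pins the fixed release, but a hypothetical
// dependency ("some-sdk") still carries a compromised copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "0.0.0" },
    "node_modules/@solana/web3.js": { version: "1.95.8" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/@solana/web3.js": { version: "1.95.7" },
  },
  dependencies: {
    "@solana/web3.js": { version: "1.95.8" },
    "some-sdk": { version: "2.0.0",
      dependencies: { "@solana/web3.js": { version: "1.95.7" } } },
  },
};
console.log(findCompromised(sampleLock));
```

A hit means a flagged release is pinned somewhere in the dependency tree, including copies pulled in by other packages. Upgrading removes the malicious code but does not undo any private-key exposure that happened while it was installed.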