Loading...
Loading...
Browse all stories on DeepNewz
VisitMost common mitigation strategy for Solana Web3.js library users by February 2025?
Upgrade to version 1.95.8 • 25%
Switch to a different library • 25%
Implement additional security checks • 25%
Cease use of the library • 25%
Developer forums, official Solana communications, and security advisories
Solana Web3.js Library Compromised in Supply Chain Attack, Versions 1.95.6 and 1.95.7 Expose Private Keys; Upgrade to 1.95.8
Dec 3, 2024, 10:43 PM
A significant security vulnerability has been identified in the Solana Web3.js library, specifically in versions 1.95.6 and 1.95.7. This vulnerability, described as a supply chain attack, allows malicious code to steal private keys from users and developers, potentially enabling attackers to drain crypto wallets. The compromised library is widely used in Solana decentralized applications (dApps). Users are advised to upgrade to version 1.95.8, which is unaffected by the issue. Several wallet providers, including Phantom, Solflare, and Brave Wallet, have confirmed that they are not impacted by this vulnerability, as they do not utilize the compromised versions of the library. The incident underscores the importance of security in the Web3 ecosystem, with various security teams actively monitoring the situation and providing guidance on how to check for potential impacts.
View original story
Removal of Polyfill.io code • 33%
Switching to alternative services • 33%
Implementing additional security measures • 33%
Less than 50% • 25%
50% to 75% • 25%
75% to 90% • 25%
More than 90% • 25%
Yes • 50%
No • 50%
Updating RADIUS servers • 25%
Using TLS/IPSec • 25%
Avoiding PAP/CHAP methods • 25%
Other • 25%
Yes • 50%
No • 50%
Less than $1 million • 25%
$1 million to $5 million • 25%
$5 million to $10 million • 25%
More than $10 million • 25%
Multi-Party Computation (MPC) • 25%
Fully Homomorphic Encryption (FHE) • 25%
Zero-Knowledge (ZK) proofs • 25%
Other • 25%
Bitcoin • 25%
Ethereum • 25%
Dogecoin • 25%
Other • 25%
Disabling CUPS • 25%
Applying a security patch • 25%
Network segmentation • 25%
Other • 25%
Brave Wallet • 25%
None • 25%
Phantom • 25%
Solflare • 25%