Loading...
Loading...
Browse all stories on DeepNewz
VisitSolana Web3.js Library Versions 1.95.6, 1.95.7 Compromised in Supply Chain Attack
Dec 3, 2024, 10:38 PM
A critical security breach has been identified in the popular Solana JavaScript library, @solana/web3.js, used for connecting Solana-related technologies to blockchain nodes. Versions 1.95.6 and 1.95.7 of the library were compromised through a supply chain attack, injecting malicious code, referred to as a secret stealer, that leaks private keys to a remote server, enabling attackers to drain cryptocurrency wallets. Developers and users relying on these versions are advised to upgrade to version 1.95.8 immediately, as version 1.95.5 remains unaffected. Security organizations, including @_SEAL_Org, flagged the issue promptly, and guidance on identifying potential impacts has been shared by the crypto security community. Services capable of blacklisting affected addresses have been urged to act. The incident underscores the risks associated with supply chain vulnerabilities in widely used software libraries.
View original story
Markets
Yes • 50%
No • 50%
Transaction volume data from Solana blockchain explorers
No • 50%
Yes • 50%
Official reports from law enforcement or cybersecurity organizations
No • 50%
Yes • 50%
Official announcements from Solana or security organizations like @_SEAL_Org
0-5 exchanges • 25%
More than 15 exchanges • 25%
11-15 exchanges • 25%
6-10 exchanges • 25%
Announcements from major cryptocurrency exchanges
50% to 75% • 25%
More than 90% • 25%
Less than 50% • 25%
75% to 90% • 25%
Surveys or reports from Solana developer community or GitHub statistics
More than $10 million • 25%
Less than $1 million • 25%
$1 million to $5 million • 25%
$5 million to $10 million • 25%
Reports from cybersecurity firms or Solana Foundation