Cybersecurity researchers are raising alarms over a supply chain attack targeting the popular npm package @solana/web3.js, widely used by Solana developers. Two malicious versions of the package, 1.95.6 and 1.95.7, were found to include injected code designed to steal private keys, posing a significant threat to cryptocurrency wallets.
What Happened?
The attack compromised @solana/web3.js by introducing malicious backdoors in versions 1.95.6 and 1.95.7. These versions have since been removed from the npm registry, but during their brief availability, they posed a critical threat to developers and users relying on the package.
Technical Details
Injected Malicious Code
The rogue versions included an addToQueue function that:
Attack Timeline
Vulnerable Projects
Immediate Steps for Developers
The Broader Threat Landscape
Sophisticated Techniques
This attack is part of a rising trend of supply chain attacks in the open-source ecosystem. Recent examples include:
Targeting Developer Trust
Threat actors exploit the inherent trust in open-source software, introducing malicious code that can spread through enterprise environments.
Protecting Against Future Attacks
This attack underscores the critical need for vigilance in supply chain security. Developers using @solana/web3.js should act immediately to protect their projects and funds by updating to the latest version and reviewing their codebases for any signs of compromise.