A critical security incident has been uncovered involving the @solana/web3.js npm library, widely used by developers building applications on the Solana blockchain. The attack compromised versions 1.95.6 and 1.95.7, both of which have been removed from the npm registry.
Hackers injected malicious code into these versions, designed to steal private keys 🔑 from developers and users. Once compromised, the attackers could gain access to cryptocurrency wallets and drain their funds.
A newly added function, addToQueue(), was discovered to be the main culprit. This function:
- Extracts private keys from apps using the library.
- Sends the keys to a command-and-control server located at sol-rpc[.]xyz, which is now offline.
It's suspected that the hackers gained access to the package maintainers' accounts through a phishing attack. With control of the account, they were able to publish these rogue versions.
Projects that directly handle private keys and updated the library between 3:20 p.m. UTC and 8:25 p.m. UTC on December 2, 2024, are most at risk.
Non-custodial wallets, which do not expose private keys, are generally safe from this attack.
- Update to version 1.95.8 or later immediately.
- Rotate your private keys if you think they may have been exposed.
- Avoid downloading outdated or suspicious package versions.
This attack is part of a growing trend in the npm ecosystem. Recently, other malicious packages, such as Solana-system program-utils, were found rerouting user funds in a small percentage of transactions.
Additionally, packages like crypto-keccak, crypto-JSON web token, and crypto-big number have been discovered with hidden code designed to steal credentials and wallet data.
Developers and organizations must remain vigilant. Open-source libraries are a critical part of the software supply chain, and attacks on these can lead to widespread exploitation, financial losses, and compromised systems.
- Regularly audit your dependencies for suspicious updates.
- Use security tools to monitor for vulnerabilities.
- Rotate credentials and keys as a precautionary measure.
💬 Stay Ahead of Cyber Threats with Professional Penetration Testing Services 🛡️
At Wire Tor, we specialize in uncovering vulnerabilities before attackers exploit them. Our comprehensive pentest services include:
🔍 Web Application Penetration Testing
🔓 Social Engineering Simulations
🌟 Follow for pentest services and updates: https://www.linkedin.com/company/wiretor