Solana Web3.js Hack Drains Funds From dApps

The post Solana Web3.js Hack Drains Funds From dApps appeared on BitcoinEthereumNews.com.

Solana’s Web3.js hack exposed library flaws, draining $160K from dApps and key projects. Developers urged to update Solana library to version 1.95.8 to secure dApps from future hacks. SOL price fell 1.3% after the $160K loss but remains up 289.58% year-over-year. Layer 1 blockchain network Solana (SOL) suffered a massive software supply chain attack on Tuesday, impacting the protocol’s users and developers. The attack involved the solana/web3.js JavaScript library, which is used by many decentralized applications (dApps) on the Solana blockchain. The Solana development team, Anza, reported that an account with access to publish the library was compromised. This allowed the attackers to introduce malicious code that captured private keys and transmitted them to a hardcoded address. As a result, the attackers drained funds from dApps that interacted with these private keys. Another bad day for Solana users and developers… a massive wallet draining attack was injected into their tech stack. The injected code captures private keys and transmits them to a hardcoded address. Believed to be the result of a social engineering/phishing attack targeting… — phil (@phil_uplc) December 4, 2024 Read also: Solana ETFs Under SEC Scrutiny: Approval Timeline Revealed Anza stated on X (formerly Twitter) that the attack “should not affect non-custodial wallets” because they do not expose the private keys stored in the library during transactions. Only projects directly handling private keys and updated between 3:20 pm UTC and 8:25 pm UTC on Tuesday were affected. The Solana development team quickly caught and erased the unauthorized code. They also asked developers to update to version 1.95.8. Analyst “MartyParty” soon confirmed that the money flow had stopped, indicating the issue was fixed. Impact of the Attack: Six-Figure Loss and SOL Price Decline DeFiLlama’s pseudonymous developer, 0xngmi, pointed out that some investors reported six-figure losses. On-chain data showed that…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ December 5, 2024 10:18 am