The post Phantom wallet is safe from the Solana supply chain attack appeared on BitcoinEthereumNews.com.

Phantom wallet is safe, despite speculations it may have been compromised as part of a Solana supply chain attack. Solana users were exposed after malicious code was injected into a Web3 JS library for Solana.  Phantom wallet announced that it was not affected by the Solana supply chain attack, which was discovered in one of the open-source Web3 libraries. The wallet did not report any exploits on its side, although an unknown number of users may have been affected. The wallet itself does not use any of the compromised versions.  Phantom is not impacted by this vulnerability. Our Security Team confirms that we have never used the exploited versions of @solana/web3.js https://t.co/9wHZ4cnwa1 — Phantom (@phantom) December 3, 2024 Solana builders and users may have been exposed to two malicious versions of web3.js, 1.95.6 and 1.96.7. The earlier version is safe, as well as an upgrade to version 1.95.8. The attack was noticed on December 2 and it affected apps, bots, and custodial services. The widely used library contained code that requested and broadcast private keys, thus compromising user wallets.  Based on the records of the Anza development firm, the account was exposed for around 5 hours on December 2, which limited the number of potential downloads during that time window.  The suspected versions were immediately unpublished, but apps and projects may have their multisig or other credentials exposed. For now, there is no data about any major Solana apps or accounts changing their wallets or storage. The last transaction to the exploiter wallet was from December 3, further suggesting the exploit affected a limited number of users.  In the meantime, one of the identified wallets is moving funds to a new account with a high balance of SOL and other assets, including Jupiter (JUP). The new account has been identified…

---

Filed under: News - @ December 5, 2024 11:22 am