trent.sol, a core developer at Anza, the Solana ecosystem development team, disclosed this morning on X that versions 1.95.6 and 1.95.7 of the widely used JavaScript library @solana/web3.js had been maliciously modified. According to the report, attackers were able to publish unauthorized versions of the package containing malicious code that steals private keys and drains funds from applications that handle private keys directly (such as automated trading bots and wallet operators). This was a compromise of the package's publishing channel on npm rather than a bug in the library itself, so an application is exposed only if it installed and ran one of the two malicious versions.
trent.sol's advisory:
If you or your product are using either of these versions, please upgrade to version 1.95.8 immediately (version 1.95.5 is not affected). In addition, if the services you run can block addresses, please blacklist FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx and take necessary actions.
After the message was released, major wallet providers including Phantom, Solflare, Backpack, and Glow Wallet came forward to state that they are not affected.
Phantom is not impacted by this vulnerability. Our Security Team confirms that we have never used the exploited versions of @solana/web3.js https://t.co/9wHZ4cnwa1
— Phantom (@phantom) December 3, 2024
However, users of automated trading bot services or other wallets should confirm with the operators whether the affected versions were in use, or move their funds to a freshly generated keypair immediately: a private key that was readable by the malicious code must be treated as compromised even after the library is upgraded.