Solana prevents supply chain attack, users witness six-figure losses
On December 3, a supply chain attack on the Solana ecosystem was detected and quickly stopped. The incident occurred due to an account with public access to the JavaScript library solana/web3.js being compromised, allowing the attacker to send malicious code packages aimed at stealing private keys from decentralized applications (dApps). Although the attack did not affect non-custodial wallets, developers reported that the attack only impacted the JavaScript client library and did not harm the security of the Solana blockchain.
Data shows that this incident resulted in over $160,000 being stolen, most of which was SOL. Some investors even reported losses of up to six figures. Although it was timely prevented, it is clear that the damage could have been greater if the attacker had focused on more sophisticated methods similar to a previous hardware wallet breach. Projects like Phantom and Backpack have confirmed that they were not affected by this attack.