According to Odaily Planet Daily, Phantom stated on the X platform that it was not affected by the @solana/web3.js vulnerability, and the security team confirmed that it was not using the compromised version.
Anza core developer trent.sol pointed out that users using @solana/web3.js versions 1.95.6 and 1.95.7 may face the risk of private key leakage, and it is recommended to upgrade to 1.95.8.
