skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Malicious Code Found in Solana's web3.js Library

/ 1 min read

Malware found in compromised Solana JavaScript library. A security advisory revealed that malicious versions of the popular JavaScript library @solana/web3.js were distributed via the npm package registry after a hijacked account published unauthorized code. This incident, affecting versions 1.95.6 and 1.95.7, allowed attackers to potentially steal private keys and drain funds from decentralized applications (dapps) linked to the Solana blockchain, which remains unaffected. The attack, traced back to a spear phishing email, resulted in an estimated financial loss of around $130,000. Developers are advised to check for compromised packages using security tools, as the malicious code was available for a limited time on December 3, 2024.