Malicious Versions of Solana's web3.js Library Distributed
Malware found in compromised Solana JavaScript library. A security advisory revealed that malicious versions of the popular JavaScript library @solana/web3.js, which sees nearly half a million weekly downloads, were distributed via the npm package registry. The attack stemmed from a hijacked npm account, which allowed unauthorized versions to be published that could steal private keys and drain funds from decentralized applications (dapps) using the library. Two specific versions (1.95.6 and 1.95.7) were unpublished after the incident, which occurred on December 3, 2024. The financial loss is estimated at around $130,000, primarily affecting users running JavaScript bots with private keys on their servers. A root cause analysis indicated that the attack began with a spear phishing email targeting a member of the Solana npm organization.