Malicious Code Found in Web3.js, Solana’s JavaScript Client

A recent report by Socket.dev revealed malicious code in the library @solana/web3.js, which records more than 350 thousand downloads per week from the NPM repository. The malicious changes were found in web3.js versions 1.95.6 and 1.95.7, which included code that sends private keys to an external server. The integrity of the project was restored with the release of version 1.95.8. Analysis of the incident is ongoing, but preliminary findings suggest that the harmful releases were published through a maintainer account that was compromised using social engineering and phishing.

The web3.js library serves as the official JavaScript SDK for working with the Solana cryptocurrency in browser-based applications, Node.js, and React Native. It is developed by Solana Labs, which also develops the mobile application and the reference implementation of the Solana blockchain. Solana currently ranks fifth by market capitalization, behind Bitcoin, Ethereum, XRP, and USDT.

The attack created a risk of funds being withdrawn from applications that use the compromised versions of Web3.js. It has been noted, however, that theft of funds could affect only decentralized applications (dapps) and bots that handle private keys directly. Regular user wallets, which do not pass private keys through the library when signing transactions, are not affected.

At present, the Web3.js library is listed as a dependency of 3262 projects in the NPM catalog and is used in web applications that run in the browser. Dapps that use Web3.js need to
