A recent hack has drained approximately $155,000 from digital wallets linked to the Solana blockchain.
The attack was carried out through a backdoor slipped into the Web3.js open-source library, which is maintained by Solana.
According to Solscan.io, a site tracking Solana transactions, the wallet address involved in the theft received about 674.8 SOL, translating to the stolen funds. Some users have reported losing large amounts, with one individual claiming to have lost $20,000.
The backdoor is believed to have resulted from a social engineering or phishing attack targeting maintainers of the Web3.js library. Security firm Socket pointed out that an “addToQueue” function was inserted into version 1.95.7 of the library, allowing the exfiltration of private keys from affected apps.
Christophe Tafani-Dereeper, a security researcher, confirmed that the code used the sol-rpc[.]xyz domain as a command and control server, which was hosted behind Cloudflare at the time.
GitHub’s Advisory Database has since warned all affected users to immediately rotate their private keys and remove the compromised package.
It also stated that any computer running the backdoored code should be considered fully compromised, with no guarantees that removing the package will eliminate all malicious software.
