Hacker Steals $160k in Solana Supply Chain Attack

A hacker siphoned $160,000 worth of assets after pushing malicious code to a Solana Javascript Library.

Solana network participants have suffered over $160,000 in losses during a supply chain attack on December 3rd. 

Further losses were contained after Anza engineer trent.sol announced the vulnerability, encouraging teams across the ecosystem to update their solana/web3.js libraries and blacklist the exploiter’s wallet.

Fortunately for the bulk of Solana users, non-custodial wallets were unaffected. However, the event serves as a timely reminder to maintain rigorous security practices.

What Happened?

On December 3, a hacker compromised an account with publish access to solana/web3.js, a JavaScript library popular with Solana-based applications. 

The hacker was able to publish unauthorized and malicious packages to the library, essentially giving them access to private key data which was exploited to steal over $160k of user funds.

Anza engineer trent.sol was the first to sound the alarm, imploring ecosystem teams to upgrade their libraries to the latest version, which included a timely fix. 

Non-custodial wallets were completely unaffected by the hack. However, applications that ran private keys through the compromised library may have been vulnerable to attack. According to Step Finance Engineer Dana, this could affect trading bots and similar services.

While this may have rang alarm bells for thousands of traders using tools like Trojan, BONKbot, and Photon, these platforms were unaffected by the attack. At-risk bots were more likely to be privately operated, independent tools.

Other blockchain security specialists have suggested that the attack serves as a stark reminder for teams to secure not only their entire production line, but also their external applications. Phishing scams and social engineering attacks target victims in unsuspecting areas, often leading to widespread damage.

Anza Responds Quickly, Deploys Fix

In the wake of the attack, Anza published an official statement outlining the events. Within their statement Anza explicitly highlighted that the vulnerability didn’t affect the Solana protocol itself, and was rather an exploit within a specific library.

Despite limited details on how the hack occurred in the first place, Anza’a prompt resolution has been well-received by the Solana community.

Responding to disparaging comments about the Solana ecosystem as a whole, Streamflow founder Malisha praised Anza’s timely response to the hack, which may have prevented further losses.

The attack marks a decidedly quiet year for hacks and exploits on the Solana network, which lost considerably less to malicious actors when compared to rival chains in 2024.

Read More on SolanaFloor

Solana DeFi is consistently rubbing shoulders with CeFi

Are Solana DeFi Apps Replacing Centralized Trading Platforms?

Double-Check Your Crypto Security