Phantom is safe from Solana Web3.js vulnerability; users are advised to upgrade soon

As a seasoned crypto investor with a knack for navigating the treacherous waters of blockchain technology, I must say that the recent vulnerability disclosed in the Solana/web3.js library has me on edge. However, it’s reassuring to see Phantom, one of my favorite wallet providers, swiftly confirming their safety amidst this crisis. Their proactive approach and transparency are commendable.

Phantom assures users that it has observed no impact on its platform from the recently disclosed vulnerability in the Solana web3.js library.

Phantom, a digital wallet for the Solana blockchain, has declared itself secure following the discovery of a vulnerability in the @solana/web3.js library. The Phantom team has verified and confirmed that the affected versions of the library (1.95.6 and 1.95.7) are not used in its infrastructure, so its platform remains safe.

Users employing the @solana/web3.js library with versions 1.95.6 and 1.95.7 are vulnerable to a secret stealer that exposes private keys. If you or your product is operating these versions, it’s highly recommended to update to version 1.95.8 (version 1.95.5 is safe).

For those who manage services capable of blacklisting addresses, please take appropriate action with…

— trent.sol (@trentdotsol) December 3, 2024

This afternoon, Solana developer Trent Sol warned that the library had been compromised. He explained that the affected versions could expose users to secret-stealing attacks that leak the keys used to access and secure wallets. Trent recommended that both products and developers on the vulnerable versions upgrade to 1.95.8, adding that earlier versions such as 1.95.5 are not affected.

According to our Security Team, Phantom has never employed the vulnerable versions of @solana/web3.js. Hence, it remains unaffected by this vulnerability.

— Phantom (@phantom) December 3, 2024

Solana ecosystem addresses Web3.js vulnerability

Within the Solana ecosystem, projects have moved quickly to address the vulnerability. Major projects such as Drift, Phantom, and Solflare have reassured their users that they are unaffected, either because they do not use the vulnerable versions or because they have additional safeguards in place. Developers and projects across the ecosystem are being advised to review their dependencies and update the library to keep funds and data secure.
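To act on that advice, here is an added example (not code from Phantom, Solana Labs or this article) that checks a parsed package-lock.json for the two versions named above; the sample lockfile, package names and install paths in it are constructed.

```javascript
// Added example, not Phantom's or Solana's code: scan a parsed package-lock.json
// for the compromised @solana/web3.js releases named in the advisory above.
const PACKAGE = "@solana/web3.js";
const AFFECTED = new Set(["1.95.6", "1.95.7"]); // 1.95.5 and 1.95.8 are not listed

// Return every install path of an affected copy. Lockfile v2/v3 carry a flat
// "packages" map keyed by install path; v1 only has the nested "dependencies"
// tree, which is walked recursively so transitive copies are found too.
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = meta.name || path.split("node_modules/").pop();
      if (name === PACKAGE && AFFECTED.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PACKAGE && AFFECTED.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: the app installs 1.95.7 at top level, while a
// nested copy under some-sdk is on the unaffected 1.95.5.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-dapp", version: "1.0.0" },
    "node_modules/@solana/web3.js": { version: "1.95.7" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/@solana/web3.js": { version: "1.95.5" },
  },
};

for (const hit of findAffected(SAMPLE_LOCK)) {
  console.log(`affected: ${hit.path} @ ${hit.version} -> upgrade to 1.95.8`);
}
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected`; an empty result means neither listed version is installed at any depth.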

Rise in vulnerabilities

Trent Sol’s disclosure of the vulnerability points to a recurring security problem in blockchain ecosystems. Investigation revealed that the affected versions of the library contained hidden code designed to capture private keys and send them to a wallet identified as FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx. Christophe Tafani-Dereeper, a cloud security researcher at Datadog, described the sophistication of the hidden backdoor in a post on Bluesky.

Exclusive Findings: In version 1.95.7, a secret “addToQueue” feature has been covertly integrated, which stealthily transmits the private key using apparently authentic CloudFlare header specifications. This function is strategically placed in various locations where it normally interacts with the private key for legitimate purposes.

— Christophe Tafani-Dereeper (@christophetd.fr) 2024-12-03T23:47:18.004Z

Such incidents have become more frequent, as shown by a malicious package campaign earlier this year, reported by The Hacker News, that targeted the Python Package Index (PyPI). The rogue package, named “solana-py”, impersonated the genuine Solana Python API to steal Solana wallet keys and send them to an attacker’s server. It relied on the similar name to deceive developers and was downloaded 1,122 times before its removal.

2024-12-04 09:08