Phantom has confirmed that it has not been affected by a vulnerability discovered in the Solana library, i.e. Solana/web3.js.
Phantom, a wallet provider running on the Solana (SOL) blockchain, confirmed it is safe after a recent vulnerability was discovered in the Solana/Web3.js library. According to a statement posted on X, the Phantom security team verified that the compromised versions of the library- 1.95.6 and 1.95.7 – will never be utilized in their infrastructure, assuring their users that their platform is secured.
Earlier today, Trent Sol, a Solana developer, warned users about the compromised library. He informed users that these versions could put users at risk of secret stealer attacks, which are capable of leaking private keys used to access and secure wallets. Products and developers using the compromised versions should upgrade to version 1.95.8., urged Trent. However, previous versions, such as 1.95.5, remain unaffected by the issues.
Solana ecosystem addresses Web3.js vulnerability
The Solana ecosystem has been quick to respond to addressing the vulnerability. Important projects such as Drift, Phantom, and Solflare have informed their communities that they are not affected as they either do not put to use the compromised version or have other security measures that keep them safe. The ecosystem’s developers and projects are also urged to check their dependencies and update their libraries to ensure funds and data remain secure.
Rise in vulnerabilities
Trent Sol’s disclosure of vulnerability reflects a larger challenge of security that blockchain ecosystems often have to tackle. Forensic analysis shows that the broken versions of the library held hidden commands meant to capture and transmit private keys to a wallet named FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx. Cloud security researcher Christophe Tafani-Dereeper from Datadog underscored the sophistication of the backdoor at Bluesky.
Such risks have become increasingly common, as evidenced by a malicious package incident earlier this year, reported by The Hacker News, involving the Python Package Index, commonly known as PyPl. The package, “solana-py“, masqueraded as the legitimate Solana Python API to steal Solana wallet keys and exfiltrate them to an attacker-controlled server. It also exploited naming similarities to trick developers, leading to 1,122 downloads before its removal.