A supply-chain attack against the Solana ecosystem was swiftly contained within the last day.
Anza, a Solana-focused team of developers, announced on Dec. 3 that a compromised account had publish access to the @solana/web3.js JavaScript library.
The attacker could publish malicious packages designed to steal private key information and drain funds from applications that use private keys.
Solana blockchain safe
The attack did not affect non-custodial wallets, because they do not expose private keys when making transactions. The developers clarified that the issue was specific to the JavaScript library and did not affect the Solana protocol.
Mert Mumtaz, a Solana advocate, reassured the community that the incident had been contained, saying it had “nothing to do with the security of the [Solana] blockchain itself.”
He explained that the problem mainly affected developers running JavaScript bots or backend systems that use private keys. Wallets and end users were not affected, as private keys aren’t exposed.
Meanwhile, several Solana-based projects, such as Phantom and the Backpack exchange, confirmed that they were not affected by the exploit.
Phantom, the most popular Solana wallet, emphasized that it had never used the compromised versions of @solana/web3.js, so its users’ security remained intact.
Six-figure loss
The incident was quickly contained, but the pseudonymous DeFiLlama developer 0xngmi reported that some investors lost six-figure sums.
According to on-chain data, the attack led to an estimated $160,000 in stolen assets, primarily SOL. The attacker’s address held over $161,000 worth of SOL and additional tokens valued at over $31,000.
0xngmi says that the losses are significant but that the damage could have been much worse. He explained that the hacker’s direct targeting of private keys may have limited the attack’s potential, as a more sophisticated exploit, such as the one seen in last year’s Ledger hardware wallet compromise, could have been far more destructive.
The attackers in that case replaced a valid library with one containing malicious code, which resulted in damages of more than $610,000.
Oluwapelumi Adejumo
Oluwapelumi is a believer in Bitcoin. He gives insights into a variety of topics, including DeFi hacking, mining, and culture.
Liam ‘Akiba’ Wright
Also known as “Akiba,” Liam Wright hosts the SlateCast and is Editor-in-Chief at CryptoSlate. He is a firm believer that decentralized technologies have the power to bring about positive changes.