Phantom Wallet is safe from the Solana supply chain attack

Phantom Wallet is safe, despite speculation that it could have been compromised as part of a Solana supply chain attack. Solana users were exposed after malicious code was injected into a web3.js library for Solana.

Phantom Wallet announced that it was not affected by the Solana supply chain attack discovered in one of the open-source Web3 libraries. The wallet has reported no exploits on its side, although an unknown number of users could be affected. The wallet itself does not use any of the compromised versions.

Phantom is not affected by this vulnerability.

Our security team confirms that we have never used the exploited versions of @solana/web3.js https://t.co/9wHZ4cnwa1

– Phantom (@phantom) December 3, 2024

Solana builders and users may have been exposed to two malicious versions of web3.js, 1.95.6 and 1.96.7. The earlier version is safe, as well as an upgrade to version 1.95.8.

The attack was noticed on December 2 and it affected apps, bots, and custodial services. The widely used library contained code that requested and broadcast private keys, thus compromising user wallets.

Based on the records of the Anza development firm, the account was exposed for around 5 hours on December 2, which limited the number of potential downloads during that time window.

The suspected versions were immediately unpublished, but apps and projects may have their multisig or other credentials exposed.

For now, there is no data about any major Solana apps or accounts changing their wallets or storage. The last transaction to the exploiter wallet was from December 3, further suggesting the exploit affected a limited number of users.

In the meantime, one of the identified wallets is moving funds to a new account with a high balance of SOL and other assets, including Jupiter (JUP). The new account has been identified as a high-balance wallet by Nansen. None of the proceeds from the hack have been traded or disguised, as with other hacks.

Limited gains from Solana wallets drained in exploit

While far-reaching, the attack did not seem to affect high-value wallets. The identified exploiter wallet withdrew around $160K in SOL and nine tokens valued at $31,300. The attacker ended up testing wallets with billions of transaction requests, suggesting there may be many more unknown affected wallets.

One of the reasons for the limited exploit haul is that the Solana network still has a failure rate of more than 35% for its transactions. However, the attempts suggest the exploiter may have gained more private keys through exposed apps.

The attack began with social engineering, which allowed the malicious actors to gain access to the web3.js library repository. Reportedly, the project's builders received a phishing link through which the attackers requested and gained access. The malicious dataset has been flagged and is available for researchers through GitHub.

Supply chain attacks emerged in the past year, with Lottie player also used as a vector to gain access to wallets. However, direct targeting of private keys is a rarer type of attack. In the case of Solana apps, the exploiter managed to obtain private keys since some apps also required the same information for legitimate purposes.

While most Solana apps have proven safe, the recent influx of new retail users is exposing some of the potential vulnerabilities.

Responsibility for code dependencies and usage lies with projects. With fast building, the web3.js library has been downloaded more than 350K to 400K times in a week, leading to wider potential exposure.
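One way a project can check its own dependency tree for the web3.js versions listed above, as an added example that is not from the original article or from the Solana or Phantom teams. The function name, the sample lockfiles and the package names `example-app` and `example-bot` are assumptions made for illustration.

```javascript
// Added example. Versions are the ones named in the article above; check
// them against the maintainers' advisory before relying on this list.
const FLAGGED = new Map([["@solana/web3.js", new Set(["1.95.6", "1.96.7"])]]);
const NM = "node_modules/";

// Returns [{ name, version, path }] for every flagged install, including
// nested (transitive) copies. Handles lockfileVersion 2/3 ("packages" map
// keyed by node_modules path) and 1 (nested "dependencies" tree).
function findFlagged(lockfileText, flagged = FLAGGED) {
  const lock = JSON.parse(lockfileText);
  const hits = [];
  const check = (name, version, path) => {
    const bad = flagged.get(name);
    if (bad && bad.has(version)) hits.push({ name, version, path });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const idx = path.lastIndexOf(NM);
      if (idx === -1) continue; // root project or workspace entry
      // Aliased installs carry the real package name in meta.name.
      check(meta.name || path.slice(idx + NM.length), meta.version, path);
    }
  } else {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + NM + name;
        check(name, meta.version, path);
        walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfiles (not real projects).
const SAMPLE_V3 = JSON.stringify({ name: "example-app", lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@solana/web3.js": { version: "1.95.8" },
    "node_modules/example-bot": { version: "2.1.0" },
    "node_modules/example-bot/node_modules/@solana/web3.js": { version: "1.95.6" },
  } });
const SAMPLE_V1 = JSON.stringify({ name: "example-app", lockfileVersion: 1,
  dependencies: { "example-bot": { version: "2.1.0",
    dependencies: { "@solana/web3.js": { version: "1.95.6" } } } } });
console.log(findFlagged(SAMPLE_V3), findFlagged(SAMPLE_V1));
```

Pass the text of a project's `package-lock.json` to `findFlagged`; the top-level 1.95.8 in the sample is not reported, while the nested copy pulled in by a dependency is.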

Solana wallet attacks are a key risk

Solana drainers are becoming more active, and one of the few things that prevents bigger exploits is the fact that most wallets still contain under 1 SOL.

One of the risks is that once exposed to a drainer, a Solana wallet is always at risk. Solana wallets also cannot revoke their permissions as in Ethereum.

The Solana network is still not as heavily exploited as Ethereum, but has a prevalence of attacks against personal wallets. One of the vectors is Telegram, which can be connected to a Solana wallet for bot usage or easier trading.

Using the same Telegram credentials also means that the wallet may be exposed and drained by malicious apps. The best approach is to use a dedicated wallet for storage, and another one for Web3 tasks.
