CVE-2024-54134: Malicious Package Compromise in the @solana/web3.js Library

ISGroup Cybersecurity

Solana is one of the most popular blockchain platforms, supporting over 3,000 decentralized applications (dapps) and consistently ranking among the top blockchains by total value locked (TVL), which exceeds $10 billion. Currently, there is no evidence of active exploitation nor a public proof-of-concept for CVE-2024-54134. However, the presence of malicious packages capable of stealing private keys highlights the need for urgent action to protect applications and users.

ProductSolana
Date2024-12-09 15:13:27
Information
  • Trending
  • Fix Available

Technical Summary

CVE-2024-54134 highlights a severe supply chain attack on the Solana ecosystem. Unauthorized and malicious versions of the JavaScript library @solana/web3.js (versions 1.95.6 and 1.95.7) were published due to the compromise of an account with publishing access. These versions were specifically designed to steal private key material, allowing attackers to drain funds from Solana dapps and bots that handle private keys directly.

Recommendations

Update Immediately: Ensure your application is using version 1.95.8 or later of the @solana/web3.js library.

[Callforaction-THREAT-Footer]