
Security Vulnerability in Solana's @solana/web3.js - $160,000 and Crypto Keys Stolen


SOLANA vulnerability: CVE-2024-54134


CVE-2024-54134 refers to a significant security vulnerability affecting the @solana/web3.js JavaScript library, which is widely used by decentralized applications (dApps) on the Solana blockchain. This vulnerability arose from a supply chain attack that compromised a publish-access account, allowing attackers to release malicious versions of the library capable of stealing private keys and draining funds from users' wallets.

Details of the Attack

On December 3, 2024, versions 1.95.6 and 1.95.7 of @solana/web3.js were published with malicious code embedded within them. This code was designed to exfiltrate private key material through a function named addToQueue, disguised behind what looked like legitimate Cloudflare headers. The attack was reported to have resulted in the theft of approximately $160,000 from affected users.

Mechanism of Compromise

The attack appears to have been facilitated by a phishing campaign targeting the maintainers of the library. Once the attackers gained access to the publish-access account, they were able to modify and publish unauthorized packages. The malicious code specifically targeted dApps that directly handle private keys, making it particularly dangerous for developers who updated their libraries during the window between 3:20 PM UTC and 8:25 PM UTC on December 3, 2024.

Impact on Users

The vulnerability primarily affects projects that handle private keys directly, such as bots or backend services that do not use non-custodial methods. Non-custodial wallets are generally safer in this context because they do not expose private keys during transactions. Developers using the compromised versions are urged to upgrade immediately to version 1.95.8, which has been released to address this issue.

Recommendations for Developers

Developers who suspect they may have been compromised should take immediate action by rotating any potentially affected authority keys, including:
  • Multisig keys
  • Program authorities
  • Server keypairs
This precaution is vital to prevent further unauthorized access and potential financial loss.

Conclusion

CVE-2024-54134 highlights the vulnerabilities present in open-source software ecosystems, particularly regarding supply chain attacks. The incident serves as a reminder for developers to remain vigilant about security practices, including regular updates and audits of dependencies. As the cryptocurrency landscape continues to evolve, maintaining robust security measures is essential for protecting both developers and users alike.

Example of Safe Practices

To mitigate risks associated with such vulnerabilities, developers should consider implementing the following practices:
  1. Regularly update dependencies: Ensure all libraries are up-to-date and monitor for any security advisories.
  2. Use non-custodial wallets: Where possible, opt for wallet solutions that do not expose private keys.
  3. Conduct security audits: Regularly review code and dependencies for potential vulnerabilities.
  4. Educate teams on phishing attacks: Provide training on recognizing phishing attempts to prevent account compromises.
By adopting these strategies, developers can enhance their security posture against similar threats in the future.



https://github.com/solana-labs/solana-web3.js/security/advisories/GHSA-jcxm-7wvp-g6p5

Crow

physics, information technologies, author, educator
