Solana web3.js Supply Chain Attack
Incident Report for Rapid Response Status Page
Resolved
Dear customers,

Following our latest update, we continued with the threat-focused hunting efforts, looking for indicators of compromise.

Relevant hits that require your attention will be mentioned in the AXON report.

Sincerely,
Team AXON
Posted Dec 04, 2024 - 14:06 UTC
Investigating
Team AXON is aware of a supply chain attack that was detected in Solana's web3.js library. Compromised versions contained malicious code that was used to steal private keys from users, potentially allowing attackers to drain cryptocurrency wallets.

- The affected versions of the library are 1.95.6 and 1.95.7
- The vulnerability was already addressed by Solana and a safe and updated version of the library was released.
- In addition, npm removed the affected versions so their download is no longer possible.
- The attack appears to only affect projects that updated the library within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 2, 2024.

If this library is used in your organization, we recommend verifying that these compromised versions are not in use.

The team is actively searching for evidence of exploitation of this vulnerability in our customers’ environments. If impacted customers are identified, they will be notified directly.

Please don’t hesitate to contact us for further assistance or any relevant questions.

Sincerely,
Team AXON
Posted Dec 04, 2024 - 09:15 UTC
This incident affected: Rapid Response.
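
One way to carry out the version check recommended above, as an added example (not code from Team AXON or Solana). It assumes the library is installed under its npm name `@solana/web3.js` and that you pass in the text of a `package-lock.json`; the function name `findCompromised` and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag the affected @solana/web3.js versions in a package-lock.json.
const PKG = "@solana/web3.js";
const BAD_VERSIONS = new Set(["1.95.6", "1.95.7"]); // versions named in the report

function findCompromised(lockText) {
  const lock = JSON.parse(lockText);
  const hits = [];

  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isPkg = path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`);
    if (isPkg && BAD_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }

  // lockfileVersion 1 (also kept in v2 for compatibility): nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${name}`;
      if (name === PKG && BAD_VERSIONS.has(meta.version)) {
        hits.push({ path: here, version: meta.version });
      }
      walk(meta.dependencies, `${here}/`); // transitive copies count too
    }
  };
  walk(lock.dependencies, "");

  // v2 lockfiles list the same install in both sections; report each path once.
  const seen = new Set();
  return hits.filter((h) => !seen.has(h.path) && seen.add(h.path));
}

// Constructed sample: the top-level copy is an unaffected version (arbitrary),
// while a hypothetical dependency "some-wallet-sdk" pins an affected one.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { [PKG]: "^1.95.0" } },
    "node_modules/@solana/web3.js": { version: "1.95.5" },
    "node_modules/some-wallet-sdk": { version: "2.0.0" },
    "node_modules/some-wallet-sdk/node_modules/@solana/web3.js": { version: "1.95.7" },
  },
});

console.log(findCompromised(SAMPLE_LOCK));
```

A hit means an affected version is pinned in that lockfile; build logs and lockfile history are needed to tell whether an install actually happened inside the reported window.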