Phantom Wallet Confirms Safety Amid Solana Web3.js Vulnerability; Users Urged to Upgrade Immediately

Phantom, a leading wallet provider on the Solana (SOL) blockchain, has reassured users of its security following the discovery of a critical vulnerability in the Solana/Web3.js library. In a statement shared on X (formerly Twitter), Phantom's security team confirmed that the compromised library versions, 1.95.6 and 1.95.7, have never been integrated into their platform, ensuring that users’ assets remain secure.
Solana/Web3.js Compromise Exposes Private Keys
The vulnerability in the Solana/Web3.js library, revealed earlier today, poses significant risks to users. Trent Sol, a Solana developer, issued an urgent warning that the affected versions contain a “secret stealer” backdoor. This malicious code can leak the private keys used to safeguard wallets, leaving users vulnerable to theft.
Developers and products utilizing these compromised versions are strongly advised to upgrade to version 1.95.8 immediately. Trent also clarified that older versions, such as 1.95.5, remain unaffected by the vulnerability.
"Anyone using @solana/web3.js, versions 1.95.6 and 1.95.7 are compromised with a secret stealer leaking private keys. If you or your product are using these versions, upgrade to 1.95.8 (1.95.5 is unaffected)," Trent cautioned.
Swift Action Across the Solana Ecosystem
The broader Solana ecosystem has responded promptly to address the issue. Prominent projects, including Drift, Phantom, and Solflare, have informed their communities that their platforms are not affected by the compromised versions. These projects emphasized either avoiding the use of the vulnerable libraries or implementing additional security measures.
Developers and service providers across the ecosystem have been urged to review their dependencies and update to secure versions of the library to mitigate potential risks.
Security Concerns on the Rise in Blockchain Ecosystems
The disclosure of this vulnerability highlights the ongoing security challenges faced by blockchain ecosystems. Forensic analysis revealed that the malicious versions of the Web3.js library contained hidden commands designed to exfiltrate private keys to a wallet address controlled by attackers. Christophe Tafani-Dereeper, a cloud security researcher at Datadog, described the backdoor as sophisticated and deliberate.
This incident follows a similar event earlier this year involving the Python Package Index (PyPI). A malicious package, “solana-py,” was discovered impersonating the legitimate Solana Python API. It stole Solana wallet keys from unsuspecting developers and was downloaded more than 1,100 times before being removed.
Conclusion
Phantom’s proactive communication reassures its users, but the incident serves as a stark reminder of the importance of maintaining robust security practices in the blockchain industry. Developers are encouraged to remain vigilant, regularly audit dependencies, and prioritize timely updates to safeguard users and platforms from emerging threats.