Phantom Assures Users of Wallet Security after Solana Library Vulnerability | Coinspeaker
LightChain

Phantom Assures Users of Wallet Security after Solana Library Vulnerability

A detailed analysis revealed that the compromised library versions contained hidden code designed to steal private keys and send them to a specific wallet address.

Temitope Olatunji By Temitope Olatunji Julia Sakovich Edited by Julia Sakovich Updated 3 mins read
Phantom Assures Users of Wallet Security after Solana Library Vulnerability
Photo: Phantom / X

Key Notes

  • Phantom confirmed its security team prevented any impact from the Solana library vulnerability.
  • Solflare and Drift also reassured users, stating they were not impacted.
  • The vulnerability risked private key theft, emphasizing blockchain security issues.

Phantom, a crypto wallet provider on the Solana  SOL $256.2 24h volatility: 2.2% Market cap: $124.58 B Vol. 24h: $8.77 B blockchain, has informed its users that its platform remains secure despite a vulnerability found in the Solana/Web3.js library. The wallet provider announced on its X page that its security team has confirmed it never used the exploited versions of the library (1.95.6 and 1.95.7). Through this announcement, Phantom is reassuring its users that the vulnerability does not affect their wallets or funds.

The issue originated from a post by Solana developer Trent.sol, who warned users that versions 1.95.6 and 1.95.7 of the Solana/web3.js library were compromised by a vulnerability that leaks private keys, putting users’ funds at risk. He advised users of these versions to immediately upgrade to version 1.95.8. He also called on services with blacklisting capabilities to block the specified wallet address potentially associated with the exploit.

Many of Phantom’s users have praised its security assurance. One crypto commentator wrote that Phantom keeps winning while others panic. However, another suggested that the wallet provider should improve its security by adding extra layers to prevent wallet draining.

Other Solana Projects React to the Web3.js Library Issue

Other projects running on the Solana blockchain have also addressed the vulnerability. Solflare, another wallet provider on the SOL blockchain, stated on its X page that it is not affected by the recent security issue involving the Solana web3.js library. It added that it uses fixed software versions and carefully checks its code to prevent attacks. Solflare wrote:

“Solflare is not impacted by the recent issue with solana/web3.js. We enforce version locking and conduct rigorous code reviews, both manual and automated, to protect against supply-chain attacks. Your keys remain safe and secure with Solflare.”

Similarly, Drift, a decentralized exchange on Solana, has addressed the issue, stating that it was not affected by the vulnerability and that its Drift codebase does not depend on the two compromised versions of Solana/web3.js.

Security Challenges Persist for Blockchain Systems

The disclosure of this vulnerability by trent.sol shows the ongoing security challenges in blockchain systems. A detailed analysis revealed that the compromised library versions contained hidden code designed to steal private keys and send them to a specific wallet address.

Socket, a developer security platform, explained the potential impact of the malicious activity, stating that developers who integrate the compromised version into their projects could expose their private keys, while users of apps built with the compromised library could lose their funds if their private keys are taken.

“Developers integrating these versions into their projects risk exposing their private keys. Users of applications relying on the compromised library may have their wallets drained if private keys are compromised,” Socket explained.

Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.

Solana (SOL) News, Cryptocurrency News, News
Temitope Olatunji

Temitope is a writer with more than four years of experience writing across various niches. He has a special interest in the fintech and blockchain spaces and enjoy writing articles in those areas. He holds bachelor's and master's degrees in linguistics. When not writing, he trades forex and plays video games. 

Temitope Olatunji on X