Malicious package

@solana-labs/web3.js (npm)

Malicious code in @solana-labs/web3.js (npm). Remove it immediately and rotate any exposed credentials.

MAL-2026-5525
Immediate action
Remove the package, then rotate any secrets the build/runtime could reach.
npm uninstall @solana-labs/web3.js

What this malware does

Package @solana-labs/web3.js impersonates the legitimate @solana/web3.js and re-exports it as cover while running a malicious postinstall (node install.js).

On npm install, install.js performs sandbox-evasion checks (hostname pattern scoring for Docker/AWS/CI runners, /proc/uptime, presence of strace/tcpdump/auditd, AWS metadata 169.254.169.254, security-tooling dependencies) and aborts if it detects analysis.

Otherwise it enumerates installer secrets (~/.ssh/id_rsa, ~/.aws/credentials, ~/.config/solana/id.json, .env files, and process.env entries matching KEY/SECRET/MNEMONIC/NPM/GITHUB) and harvests crypto material including ETH private keys (/0x[a-fA-F0-9]{64}/), Solana 64-byte arrays, and AWS keys. Stolen data is tagged [ETH]/[SOLANA]/[AWS]/[SSH]/[NPM]/[GITHUB] and exfiltrated to api.telegram.org/bot<token>/... using an XOR-obfuscated bot token, chat ID, and HMAC auth secret embedded in install.js.

install.js then enters a long-poll loop against Telegram getUpdates, accepting the commands /keys, /ssh, /env, /wallet, /sh <cmd>, and bare text, executing them via execSync (PowerShell on Windows) and returning output to the attacker: a full reverse-shell C2 backdoor. Persistence is established via a @reboot sleep 90 && node <path> crontab entry. A hardcoded Solana drain address D4hGgKKaBFZV1NUTWvYRwbpu8HHr3qmDfHyKCTLqbaE7 is present for wallet theft.

Malicious versions

6 flagged: 1.0.0, 1.0.6, 1.0.7, 1.0.8, 1.0.10, 1.98.112

Indicators of compromise (SHA-256)

91b0523027116b3981b0f1dfe925f01d8956eb19817aae6ea7d0022d5357fba4
ecbc63549cc76fd907dd706b2179b18cd8c55b268dd09d8d9251bf809959d0ff
4d8c1fbfa898eecbdb8a68ea66a8df992831e3e5162eaddefc00aac759bbeca6
71cb6a46817602611ef7fff42f375bd177bcb9e0a896cf29dfdbd7e637ca8f11
91b279bb9db78faa1c5e6093b86517d3203181c5b832cbc8a5389b10173eb9aa
a72f1201ef049594dc4486cbb51dab1a840d8ff0ba9a9b54cabfd28bc16c0c60
e2d5a23bad2592218c4af9410b15a1f7f5cf1700cf5a8241e3ffeec8106c53e6

Detection & response playbook

Credential / info stealer
  1. Find it

    Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @solana-labs/web3.js (6 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @solana-labs/web3.js across your stack and pipelines.

  2. If you installed it — respond

    @solana-labs/web3.js is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

  3. Did it already run?

    If @solana-labs/web3.js was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

  4. How O3 protects you

    O3 blocks @solana-labs/web3.js before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.
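The following Python script is an added example that is not O3 Security's scanner or any code from the advisory. It covers step 1 (locate the impersonating package in an npm lockfile and match file hashes against the SHA-256 indicators listed above) and step 3 (spot the @reboot crontab entry the payload uses for persistence). It assumes a package-lock.json in lockfile v1 or v2/v3 layout and a plain `crontab -l` dump; the lockfile and crontab samples inside it are constructed, as are the version numbers of the benign packages they contain.

```python
"""Triage helpers for the playbook above (added example, not O3's tooling).
Assumes npm package-lock.json v1 or v2/v3 layout and a `crontab -l` dump;
the sample inputs below are constructed."""
import hashlib
import json
import re

MALICIOUS_PACKAGE = "@solana-labs/web3.js"  # impersonates @solana/web3.js
# Versions flagged on the advisory page.
MALICIOUS_VERSIONS = {"1.0.0", "1.0.6", "1.0.7", "1.0.8", "1.0.10", "1.98.112"}
# SHA-256 indicators of compromise from the advisory page.
IOC_SHA256 = {
    "91b0523027116b3981b0f1dfe925f01d8956eb19817aae6ea7d0022d5357fba4",
    "ecbc63549cc76fd907dd706b2179b18cd8c55b268dd09d8d9251bf809959d0ff",
    "4d8c1fbfa898eecbdb8a68ea66a8df992831e3e5162eaddefc00aac759bbeca6",
    "71cb6a46817602611ef7fff42f375bd177bcb9e0a896cf29dfdbd7e637ca8f11",
    "91b279bb9db78faa1c5e6093b86517d3203181c5b832cbc8a5389b10173eb9aa",
    "a72f1201ef049594dc4486cbb51dab1a840d8ff0ba9a9b54cabfd28bc16c0c60",
    "e2d5a23bad2592218c4af9410b15a1f7f5cf1700cf5a8241e3ffeec8106c53e6",
}
# Persistence described in the advisory: "@reboot sleep 90 && node <path>".
REBOOT_NODE_RE = re.compile(r"^\s*@reboot\b.*\bnode\b")


def _walk_v1(deps, prefix, hits):
    """Recurse the nested 'dependencies' tree of a lockfileVersion 1 file."""
    for name, entry in deps.items():
        path = f"{prefix}node_modules/{name}"
        if name == MALICIOUS_PACKAGE:
            hits.append((path, entry.get("version", "?")))
        _walk_v1(entry.get("dependencies", {}), path + "/", hits)


def find_in_package_lock(lock_json):
    """Return [(install_path, version)] for every entry of the malicious package.
    Any version is a hit: the package name itself is the impersonation."""
    data = json.loads(lock_json)
    hits = []
    # v2/v3: "packages" is keyed by node_modules path; "" is the root project.
    for path, entry in data.get("packages", {}).items():
        if not path:
            continue
        name = entry.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name == MALICIOUS_PACKAGE:
            hits.append((path, entry.get("version", "?")))
    if not data.get("packages"):  # v1 layout has only the nested tree
        _walk_v1(data.get("dependencies", {}), "", hits)
    return hits


def is_flagged_version(version):
    """True when the version is one of the six the advisory lists."""
    return version in MALICIOUS_VERSIONS


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def match_ioc(data):
    """Return the matching SHA-256 indicator for a file's bytes, else None."""
    digest = sha256_hex(data)
    return digest if digest in IOC_SHA256 else None


def find_reboot_persistence(crontab_text):
    """Return crontab lines that run node at boot, the payload's persistence."""
    return [line for line in crontab_text.splitlines()
            if REBOOT_NODE_RE.search(line)]


# Constructed sample inputs (not real project data).
SAMPLE_LOCK_V3 = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/@solana/web3.js": {"version": "1.95.0"},
        "node_modules/@solana-labs/web3.js": {"version": "1.0.10"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "name": "demo-app", "lockfileVersion": 1,
    "dependencies": {
        "some-lib": {"version": "2.0.0", "dependencies": {
            "@solana-labs/web3.js": {"version": "1.0.6"}}},
    },
})
SAMPLE_CRONTAB = "\n".join([
    "# m h dom mon dow command",
    "0 3 * * * /usr/local/bin/backup.sh",
    "@reboot sleep 90 && node /home/dev/app/node_modules/@solana-labs/web3.js/install.js",
])

if __name__ == "__main__":
    for label, lock in (("v3", SAMPLE_LOCK_V3), ("v1", SAMPLE_LOCK_V1)):
        for path, version in find_in_package_lock(lock):
            flag = "flagged" if is_flagged_version(version) else "unlisted"
            print(f"[{label}] {path} {version} ({flag})")
    for line in find_reboot_persistence(SAMPLE_CRONTAB):
        print("persistence:", line)
    print("ioc match on sample bytes:", match_ioc(b"constructed sample bytes"))
```

Run it against a real checkout by passing the contents of package-lock.json to find_in_package_lock and the output of `crontab -l` (for every user that ran an install) to find_reboot_persistence; match_ioc takes the bytes of any cached tarball or extracted file you want to compare with the indicator list. A hit on a version outside the flagged set is still a hit, since the package name alone marks the impersonation.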

Frequently asked questions

No. @solana-labs/web3.js on npm has been identified as a malicious package (versions 1.0.0, 1.0.6, 1.0.7, 1.0.8, 1.0.10, 1.98.112 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

  • IN-MAL-2026-005289
  • IN-MAL-2026-005412
  • IN-MAL-2026-005413
  • IN-MAL-2026-005411
  • IN-MAL-2026-005415
  • IN-MAL-2026-005414
  • IN-MAL-2026-005410

Credits

  • Amazon Inspector · finder

Detect & block this

O3 blocks @solana-labs/web3.js-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

@solana-labs/web3.js (npm) malicious package — MAL-2026-5525 | O3 Security