Solana

Solana experienced a significant cyber incident in which malicious npm and PyPI packages were used to steal Solana private keys, resulting in financial losses for the victims. The attackers used typosquatting to mimic popular libraries and exfiltrated the private keys through Gmail's SMTP servers. Beyond stealing private keys, the malicious packages could programmatically drain up to 98% of a victim's wallet funds to an attacker-controlled address, leaving behind a small percentage to avoid raising immediate suspicion. Although experts had flagged the malicious packages, they remained live at the time of the report's publication. The attackers also used GitHub repositories to lend credibility to the malware and to reach a broader audience beyond the npm ecosystem.

Source: https://securityaffairs.com/173249/cyber-crime/malicious-npm-and-pypi-target-solana-private-keys.html

"id": "sol000012725",
"linkid": "solanalabs",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"