A supply chain attack has compromised Solana's popular web3.js npm library, which has over 400,000 weekly downloads. Malicious versions 1.95.6 and 1.95.7 of the library were released, containing a backdoor in the 'addToQueue' function that allowed attackers to steal private keys. This breach has reportedly resulted in approximately $184,000 in stolen assets, including SOL tokens and other cryptocurrencies, according to Solscan data. The attack, which began on December 2, 2024, targeted various entities, including bots, custodial services, and decentralized applications (dApps). Solana developers are currently addressing the fallout from this incident as they work to secure the library and protect users' assets.