Security researchers have uncovered a targeted npm supply-chain campaign—dubbed “Solana‑Scan”—that uses fake Solana developer tools to harvest wallet credentials and expose stolen data through a publicly accessible command-and-control web interface. The operation, disclosed in mid‑August 2025, represents a sharp escalation in attacks against the Solana ecosystem, blending heavy obfuscation, multi‑stage payloads, and developer‑facing social engineering to compromise high‑value workstations.
A Troubling History of Solana Supply‑Chain Attacks
The Solana‑Scan campaign did not materialize out of nowhere. Over the past twelve months, the Solana ecosystem has weathered repeated supply‑chain intrusions. In December 2024, attackers compromised the widely used @solana/web3.js library (versions 1.95.6 and 1.95.7), which counts more than 3,000 dependent projects and 400,000 weekly downloads. Malicious code inserted into those versions exfiltrated private keys through a Cloudflare‑headed HTTPS request to a newly registered domain, sol‑rpc[.]xyz. The breach was traced to a compromised maintainer account, and affected applications that updated during the narrow five‑hour window before the malicious versions were taken down.
Earlier in 2024, a typosquatting campaign exploited the name confusion between the legitimate “solana” PyPI package and the “solana-py” GitHub repository to push a weaponized version that stole secrets. Another incident in March used fake BIP39‑related packages to target wallet seed phrases. These recurring themes—impersonating trusted tooling, exfiltrating keys through seemingly innocuous channels like SMTP or HTTPS, and leveraging developer trust—set the stage for Solana‑Scan.
Inside the Solana‑Scan Campaign
Fake Packages That Lure Developers
The Solana‑Scan campaign’s operators published malicious packages under the handle “cryptohan,” with names deliberately crafted to resemble genuine Solana SDK utilities. Researchers observed packages such as solana‑pump‑test, solana‑spl‑sdk, and similar “pump” or “scanner” themed modules. These titles play on developers’ appetite for convenience tools, making it easy for a hurried coder to pull the package without a second thought. Associated GitHub repositories and README files added a thin veneer of legitimacy, a tactic seen in earlier incidents.
A Two‑Stage Payload That Snoops and Scavenges
Once installed, the package executes a heavily obfuscated first‑stage launcher that performs environment reconnaissance: it collects usernames, working directory paths, npm install methods, and other metadata. This information allows the attacker to profile the victim’s setup and tailor subsequent actions. The second stage then initiates a broad file sweep across user directories—Documents, Desktop, Downloads, and project folders. It hunts for files with extensions common to secrets storage (.env, .json, .txt, .one) and applies regex patterns to extract:
- Private keys (base58‑encoded Solana keys, keypair files)
- Mnemonic seed phrases (BIP39‑style)
- API keys and exchange credentials
- Configuration files containing tokens
The payload aggregates matched artifacts and exfiltrates them to the attacker’s command‑and‑control server. To avoid detection, it employs geographic checks (acting only in certain locales) and skips common honeypot indicators.
Exposed C2 Interface: A Window into Victim Data
In a striking operational failure, the Solana‑Scan C2 infrastructure surfaced stolen victim data on an open web dashboard. Researchers were able to browse the portal and gauge the scale of the compromise, observing files collected from multiple victims. Initial analysis suggested a geographic clustering around Moscow, Russia—a detail that prompted speculation about whether the campaign specifically targeted Russian crypto developers. The C2 hosting infrastructure, however, was geolocated to the United States, complicating any hasty attribution. While one researcher floated the hypothesis of a state‑linked defensive operation, the public evidence remains circumstantial. Regardless of the actor’s identity, the exposed interface offered a rare, unflattering look at the campaign’s reach.
Obfuscation, AI‑Artifacts, and Evasion
The JavaScript payloads employed deep obfuscation, with analysts noting scattered diagnostic console lines and emoji usage that hinted at AI‑assisted code generation. Such artifacts complicate attribution but may indicate an adversary streamlining development with modern coding aids. The code also exhibited evasive traits: some variants attempted to persist within project structures even after a standard node_modules purge, and earlier Solana‑themed malware often adopted a “98% benign, 2% malicious” execution strategy to prolong dwell time and reduce suspicion.
Detection Blind Spots and Why Traditional Defenses Fail
Solana‑Scan exploits fundamental weaknesses in how developer environments are secured:
- Postinstall scripts—like npm install hooks—execute arbitrary JavaScript with full developer privileges. Many static SCA (software composition analysis) tools merely scan the package tarball and never emulate runtime behavior, allowing the launcher to assemble or fetch dynamic code undetected.
- Obfuscation and multi‑stage loaders defeat hash‑based detection. The malicious logic hides behind a benign‑looking first stage that activates only after environment checks.
- Exfiltration blending uses standard channels (HTTPS to seemingly legitimate endpoints, or SMTP to Gmail) that enterprise firewalls often allow. A previous Solana‑targeting campaign abused Gmail’s SMTP service because most organizations permit outbound connections to smtp.gmail.com.
- Developer workstations are treasure troves of secrets—private keys, cloud tokens, signing credentials—yet often lack the rigorous endpoint monitoring applied to production servers. Malware executing during build or test phases can easily slip through.
Indicators of Compromise (IOCs) and Verification Guidance
Several package names and artifacts have been made public. However, defenders should cross‑reference any IOC with multiple threat intelligence feeds before implementing automated blocks.
- Malicious package names: solana-pump-test, solana-spl-sdk, solana-pump-sdk and similarly branded strings.
- Publisher alias: “cryptohan”.
- Network artifacts: Outbound connections were reported to external HTTP endpoints; some analyses mentioned port 3000/HTTP traffic. In earlier attacks, exfiltration via smtp.gmail.com was observed. The specific C2 IP addresses and host fingerprints from a single report have not been independently corroborated by public telemetry.
- File hashes: Limited sets exist in some write‑ups, but an exhaustive, cross‑validated list is not yet available. Treat single‑source hashes with caution.
For automated enforcement, consult vendor databases such as Snyk, Socket, and GitHub advisories. For instance, the earlier @solana/web3.js compromise is recorded as CVE‑2025‑???? and GHSA‑jcxm‑7wvp‑g6p5; the Solana‑Scan packages have been flagged on Socket and libraries.io.
Practical Mitigation Playbook
Immediate Triage (if you suspect infection)
- Treat the host as fully compromised. Rotate all keys and tokens used on that machine—wallet keypairs, API keys, SSH keys—from a clean environment.
- Isolate the affected host from the network and preserve forensic artifacts (npm cache, node_modules, lockfiles, system logs).
- Search source trees and user directories for known IOC filenames or unexpected postinstall scripts in package.json.
Scanning and Detection
- Deploy runtime package scanners that evaluate postinstall and require‑time behaviors, not just static tarball contents. Integrate vendor feeds (Socket, Snyk, OSS Rebuild outputs) into your CI/CD pipeline.
- Monitor outbound connections from developer endpoints for unusual HTTPS destinations or SMTP traffic to consumer services like Gmail.
Developer Hygiene
- Pin dependencies via lockfiles and require explicit approval for any change to package.json or package-lock.json. Never upgrade transitive dependencies without a review.
- Run all third‑party scripts in ephemeral, sandboxed containers. Never store long‑lived secrets on the same host that executes untrusted code.
- Enforce hardware‑backed 2FA for registry accounts and use short‑lived, scope‑limited publish tokens.
Build Hardening
- Adopt reproducible builds and provenance checking (e.g., OSS Rebuild style) to verify that published artifacts match the source. This can detect stealthy binary drops.
- Integrate SBOMs and continuous SCA checks into CI, blocking builds that introduce unapproved dependencies.
Operational Response
- Maintain a curated allowlist of trusted package maintainers. Require multi‑person approval for new dev dependencies in shared repositories.
- Prepare playbooks for key rotation, incident notification, and public disclosure. Swift, transparent action reduces the attacker’s window of opportunity.
Why Developer Workstations Are Prime Targets
A compromised developer laptop or CI agent is a gateway to organizational secrets. Solana‑Scan’s scavenger design—scanning ~/Documents, ~/Desktop, and ~/Downloads for credential files—directly seeks out the artifacts that developers routinely stash for testing. Once an attacker obtains private keys, they can drain cryptocurrency wallets, forge commits, or pivot to cloud infrastructure. The supply‑chain vector amplifies impact: a single malicious package can infect hundreds of projects that depend on it, potentially affecting production services and end‑user wallets.
What Comes Next
The Solana‑Scan incident underscores that static dependency checking is no longer enough. Defenders must combine runtime analysis, network egress monitoring, and rigorous credential hygiene. As AI‑assisted development and obfuscation tools become more common, malicious packages will grow harder to spot through manual review alone. The open‑source community must raise the baseline: stronger registry verification, publish‑token security, and developer education are essential. Until then, campaigns like Solana‑Scan will continue to exploit the trust gap between convenience and security.
For now, every developer working with blockchain tooling should audit their node_modules, verify the provenance of dependencies, and assume that any third‑party package could be a vector. The next Solana‑Scan may already be lurking.