Currencies38112
Market Cap$ 2.27T-1.76%
24h Spot Volume$ 42.03B+1.10%
DominanceBTC56.10%+0.94%ETH9.45%+0.45%
ETH Gas0.06 Gwei
Loading...
Loading...
Cryptorank
/

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets


NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

Share:

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Bitcoin Magazine

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

A major NPM developer, qix, has had their account compromised. It was used to push malware that targets and searches for bitcoin and cryptocurrency wallets on users devices. If detected, the malware would patch the code functions used to coordinate transaction signing, and replace the address a user is trying to send money to with one of the malware creator’s own addresses.

This should mostly be a concern for web wallet users, so in the Bitcoin ecosystem Ordinals or Runes/other token users, as unless an update for your normal software wallet happened to be pushed just earlier today with the compromised dependency, or if your wallet dynamically loads code directly from the wallet back end bypassing the app-store, you should be fine.

NPM is a package manager for Node.js, a popular Javascript framework. This means it is used to grab large sets of pre-written code used for common functionality to be integrated into different programs without the developer having to rewrite basic functions themselves.

The targeted packages were not cryptocurrency specific, but packages used by countless numbers of normal applications built with Node.js, not just cryptocurrency wallets.

If you are using a hardware wallet in combination with your web wallet, take extra care to verify on the device itself that the destination address you are sending too is correct before signing anything.

If you are using software keys in the web wallet itself, it would be advisable to not open them or transact until you are certain you are not running a vulnerable version of the wallet. The safest course of action would be waiting for an announcement from the team developing the wallet you use.

This post NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets first appeared on Bitcoin Magazine and is written by Shinobi.

Read the article at Bitcoin Magazine

In This News

Coins

$ 63.57K

-0.86%

$ 0.0746

-0.66%

$ 0.00...020

$ 0.0933

+0.47%

$ 0.000161


Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Coins

$ 63.57K

-0.86%

$ 0.0746

-0.66%

$ 0.00...020

$ 0.0933

+0.47%

$ 0.000161


Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Ethereum is losing ownership of crypto payments as Base moves $565B in stablecoins

Ethereum is losing ownership of crypto payments as Base moves $565B in stablecoins

Visa's adjusted June data shows L2s competing for the dollar flows that could define ...
Solana’s $8.7B RWA surge shows tokenized assets are finally starting to move

Solana’s $8.7B RWA surge shows tokenized assets are finally starting to move

RWA.xyz data shows Solana's RWA transfer volume more than doubled over 30 days, shift...