
"A major NPM developer, qix, has had their account compromised. It was used to push malware that targets and searches for bitcoin and cryptocurrency wallets on users devices. If detected, the malware would patch the code functions used to coordinate transaction signing, and replace the address a user is trying to send money to with one of the malware creator's own addresses."
"This should mostly be a concern for web wallet users, so in the Bitcoin ecosystem Ordinals or Runes/other token users, as unless an update for your normal software wallet happened to be pushed just earlier today with the compromised dependency, or if your wallet dynamically loads code directly from the wallet back end bypassing the app-store, you should be fine."
"NPM is a package manager for Node.js, a popular Javascript framework. This means it is used to grab large sets of pre-written code used for common functionality to be integrated into different programs without the developer having to rewrite basic functions themselves. The targeted packages were not cryptocurrency specific, but packages used by countless numbers of normal applications built with Node.js, not just cryptocurrency wallets."
A compromised NPM developer account was used to publish malware that searches devices for bitcoin and cryptocurrency wallets, patches transaction-signing functions, and replaces recipient addresses with attacker-controlled addresses. The malicious packages targeted common Node.js libraries, not wallet-specific code, so many normal applications could have been affected. Web wallets and any wallet that dynamically loads backend code are at higher risk. Hardware wallet users should verify destination addresses on-device before signing. Software-key users should avoid transacting until wallets confirm they are not running vulnerable dependencies or have released patches.
Read at Bitcoin Magazine