NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets
Bitcoin Magazine NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets A major NPM developer, qix, has had their account compromised. It was used to push malware that targets and searches for bitcoin and c...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Bitcoin Magazine
NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets
A major NPM developer, qix, has had their account compromised. It was used to push malware that targets and searches for bitcoin and cryptocurrency wallets on users devices. If detected, the malware would patch the code functions used to coordinate transaction signing, and replace the address a user is trying to send money to with one of the malware creator’s own addresses.
This should mostly be a concern for web wallet users, so in the Bitcoin ecosystem Ordinals or Runes/other token users, as unless an update for your normal software wallet happened to be pushed just earlier today with the compromised dependency, or if your wallet dynamically loads code directly from the wallet back end bypassing the app-store, you should be fine.
NPM is a package manager for Node.js, a popular Javascript framework. This means it is used to grab large sets of pre-written code used for common functionality to be integrated into different programs without the developer having to rewrite basic functions themselves.
The targeted packages were not cryptocurrency specific, but packages used by countless numbers of normal applications built with Node.js, not just cryptocurrency wallets.
If you are using a hardware wallet in combination with your web wallet, take extra care to verify on the device itself that the destination address you are sending too is correct before signing anything.
If you are using software keys in the web wallet itself, it would be advisable to not open them or transact until you are certain you are not running a vulnerable version of the wallet. The safest course of action would be waiting for an announcement from the team developing the wallet you use.
This post NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets first appeared on Bitcoin Magazine and is written by Shinobi.
Why this matters
This bitcoin story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on Bitcoin MagazineRelated market context
Cardano’s wallet hack exposed the user layer holding its on-chain government together
EMURGO said it is stepping down from its role in Pentad, the five-member group coordinating Cardano's infrastructure funding, to f...
Binance CEO Richard Teng says 70% of EU withdrawals went to self-hosted wallets, not regulated platforms
The shift to self-hosted wallets highlights potential gaps in regulatory frameworks, challenging the effectiveness of consumer pro...
Phantom pulls on-chain perps into the US wallet war ahead of July 9 deadline
On July 9, Phantom and the Hyperliquid Policy Center urged the CFTC to remove rules they say “unduly impede” fintech firms from wo...
A $293 billion fight over Satoshi’s Bitcoin just got a lot more complicated
A lawsuit seeking legal ownership of long-dormant Bitcoin addresses, including wallets tied by researchers to Bitcoin’s earliest m...
Interpol Links $122M Crypto Wallet to Romance Scams in Global Fraud Crackdown
A criminal wallet at the center of an international police operation moved more than $122.5 million in cryptocurrency over ten mon...
Why Bitcoin ATMs are becoming the last stop in America’s $11B crypto scam pipeline
Crypto scams start online with a fake bank alert, a cloned voice, a romance message, or a tech-support pop-up. Then, the last inst...