
Something about this story is strange: So an NPM library that has been downloaded a billion times is suddenly discovered to have BTC address-swapping code?
The only way I can see that as plausible is if some major exchange (Binance, Coinbase, etc.) is using said NPM library. What other "wallets" could account for a billion downloads?
Yeah, I don't get it either. Good thing I use a wallet that doesn't use npm.
94 sats \ 1 reply \ @freetx 23h
So here is the gist of all the swap addresses extracted from malware. https://gist.github.com/jdstaerk/f845fbc1babad2b2c5af93916dd7e9fb
I've checked about 10 of the 'bc1' bitcoin ones and don't see any transactions.
I've also checked some of the eth ones on etherscan and don't see any meaningful activity on those... (a few .000015 transactions, which may be tests from the original malware developer, but nothing significant).
So what does this mean? A billion downloads and no transactions?
Me neither. Maybe folks are stepping up their game and checking the full address instead of just the beginning and end.
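The point about checking the full address rather than just its start and end is worth making concrete. The following is an added example, not code from the thread or from any wallet project: it contrasts a by-eye prefix/suffix comparison with an exact comparison of the whole string, using constructed addresses (not real wallets) where a swapped-in look-alike shares the first characters and last characters of the intended destination. The `normalize` rule (lower-casing bech32 and hex addresses, leaving base58 alone) is an assumption of this example, not something the thread states.

```javascript
// Added example (not from the thread). All addresses here are CONSTRUCTED
// strings for illustration and do not correspond to real wallets.

// Bring an address into a comparable form. bech32 ("bc1...") and hex
// ("0x...") addresses are case-insensitive, so lower-case them; legacy
// base58 addresses are case-sensitive, so leave them untouched.
function normalize(addr) {
  const a = String(addr).trim();
  if (/^bc1/i.test(a) || /^0x/i.test(a)) return a.toLowerCase();
  return a;
}

// The check most people do by eye: first `head` and last `tail` characters.
// A look-alike address that preserves those few characters passes this check.
function prefixSuffixMatch(expected, shown, head = 6, tail = 4) {
  const e = normalize(expected);
  const s = normalize(shown);
  return e.slice(0, head) === s.slice(0, head) && e.slice(-tail) === s.slice(-tail);
}

// The check that actually catches a swap: compare every character.
// Length is checked first so that the loop below never runs past either string.
function exactMatch(expected, shown) {
  const e = normalize(expected);
  const s = normalize(shown);
  if (e.length !== s.length) return false;
  let diff = 0;
  for (let i = 0; i < e.length; i++) {
    diff |= e.charCodeAt(i) ^ s.charCodeAt(i);
  }
  return diff === 0;
}

// Summarise what a reviewer would learn from the two checks: `lookalike`
// is true when the eye-check passes but the full comparison fails, which
// is exactly the case a partial check misses.
function verifyDestination(expected, shown) {
  const exact = exactMatch(expected, shown);
  const eyeCheck = prefixSuffixMatch(expected, shown);
  return { exact, lookalike: eyeCheck && !exact };
}

// Constructed sample: same first 10 and last 4 characters, different middle.
const PREFIX = "bc1qa7f3k9";
const SUFFIX = "z2x4";
const EXPECTED_ADDRESS = PREFIX + "constructed0000000000000000" + SUFFIX;
const SWAPPED_ADDRESS  = PREFIX + "swappedin00000000000000000" + SUFFIX;

// Constructed hex sample: same address written with different letter case,
// which must still count as an exact match after normalisation.
const ETH_EXPECTED = "0xAbCdEf0000000000000000000000000000000001";
const ETH_SHOWN    = "0xabcdef0000000000000000000000000000000001";

if (typeof require !== "undefined" && require.main === module) {
  console.log(verifyDestination(EXPECTED_ADDRESS, SWAPPED_ADDRESS)); // { exact: false, lookalike: true }
  console.log(verifyDestination(ETH_EXPECTED, ETH_SHOWN));           // { exact: true, lookalike: false }
}
```

The constructed look-alike passes `prefixSuffixMatch` and fails `exactMatch`, which is the gap the comment above is pointing at: a glance at the ends of an address is not a verification, and the only check that closes it is comparing the whole string against the destination you actually intended.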
11 sats \ 0 replies \ @freetx 23h
The code first checks for the existence of window.ethereum, an object injected by wallet extensions like MetaMask. If no wallet is found, it proceeds with a passive attack.
Hmm... yes, I forgot about MetaMask... that's probably the intended target.