Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
Commodity Zero-Fee Gala
The post Javascript Library Compromise Goes After Bitcoin Wallets appeared on BitcoinEthereumNews.com. A major NPM developer, qix, has had their account compromised. It was used to push malware that targets and searches for bitcoin and cryptocurrency wallets on users devices. If detected, the malware would patch the code functions used to coordinate transaction signing, and replace the address a user is trying to send money to with one of the malware creator’s own addresses. This should mostly be a concern for web wallet users, so in the Bitcoin ecosystem Ordinals or Runes/other token users, as unless an update for your normal software wallet happened to be pushed just earlier today with the compromised dependency, or if your wallet dynamically loads code directly from the wallet back end bypassing the app-store, you should be fine. NPM is a package manager for Node.js, a popular Javascript framework. This means it is used to grab large sets of pre-written code used for common functionality to be integrated into different programs without the developer having to rewrite basic functions themselves. The targeted packages were not cryptocurrency specific, but packages used by countless numbers of normal applications built with Node.js, not just cryptocurrency wallets. If you are using a hardware wallet in combination with your web wallet, take extra care to verify on the device itself that the destination address you are sending too is correct before signing anything. If you are using software keys in the web wallet itself, it would be advisable to not open them or transact until you are certain you are not running a vulnerable version of the wallet. The safest course of action would be waiting for an announcement from the team developing the wallet you use. Source: https://bitcoinmagazine.com/news/npm-attack-javascript-library-compromise-goes-after-bitcoin-walletsThe post Javascript Library Compromise Goes After Bitcoin Wallets appeared on BitcoinEthereumNews.com. A major NPM developer, qix, has had their account compromised. It was used to push malware that targets and searches for bitcoin and cryptocurrency wallets on users devices. If detected, the malware would patch the code functions used to coordinate transaction signing, and replace the address a user is trying to send money to with one of the malware creator’s own addresses. This should mostly be a concern for web wallet users, so in the Bitcoin ecosystem Ordinals or Runes/other token users, as unless an update for your normal software wallet happened to be pushed just earlier today with the compromised dependency, or if your wallet dynamically loads code directly from the wallet back end bypassing the app-store, you should be fine. NPM is a package manager for Node.js, a popular Javascript framework. This means it is used to grab large sets of pre-written code used for common functionality to be integrated into different programs without the developer having to rewrite basic functions themselves. The targeted packages were not cryptocurrency specific, but packages used by countless numbers of normal applications built with Node.js, not just cryptocurrency wallets. If you are using a hardware wallet in combination with your web wallet, take extra care to verify on the device itself that the destination address you are sending too is correct before signing anything. If you are using software keys in the web wallet itself, it would be advisable to not open them or transact until you are certain you are not running a vulnerable version of the wallet. The safest course of action would be waiting for an announcement from the team developing the wallet you use. Source: https://bitcoinmagazine.com/news/npm-attack-javascript-library-compromise-goes-after-bitcoin-wallets

Javascript Library Compromise Goes After Bitcoin Wallets

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/09/09 03:56
2 min read
TOKEN
TOKEN$0.002858-4.41%
NODE
NODE$0.01413-0.35%
PUSH
PUSH$0.011903+0.34%
SEND
SEND$0.09385-1.84%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

A major NPM developer, qix, has had their account compromised. It was used to push malware that targets and searches for bitcoin and cryptocurrency wallets on users devices. If detected, the malware would patch the code functions used to coordinate transaction signing, and replace the address a user is trying to send money to with one of the malware creator’s own addresses.

This should mostly be a concern for web wallet users, so in the Bitcoin ecosystem Ordinals or Runes/other token users, as unless an update for your normal software wallet happened to be pushed just earlier today with the compromised dependency, or if your wallet dynamically loads code directly from the wallet back end bypassing the app-store, you should be fine.

NPM is a package manager for Node.js, a popular Javascript framework. This means it is used to grab large sets of pre-written code used for common functionality to be integrated into different programs without the developer having to rewrite basic functions themselves.

The targeted packages were not cryptocurrency specific, but packages used by countless numbers of normal applications built with Node.js, not just cryptocurrency wallets.

If you are using a hardware wallet in combination with your web wallet, take extra care to verify on the device itself that the destination address you are sending too is correct before signing anything.

If you are using software keys in the web wallet itself, it would be advisable to not open them or transact until you are certain you are not running a vulnerable version of the wallet. The safest course of action would be waiting for an announcement from the team developing the wallet you use.

Source: https://bitcoinmagazine.com/news/npm-attack-javascript-library-compromise-goes-after-bitcoin-wallets

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

You May Also Like

U.S. Oil Production Is On Pace For A New Record, But Growth Is Slowing

U.S. Oil Production Is On Pace For A New Record, But Growth Is Slowing

The post U.S. Oil Production Is On Pace For A New Record, But Growth Is Slowing appeared on BitcoinEthereumNews.com. FORT STOCKTON, TEXAS – MARCH 24: The sun sets behind a pumpjack during a gusty night on March 24, 2024 in Fort Stockton, Texas. Employment in Texas has reached record highs, with the oil- and gas-producing Permian Basin, which covers a large swathe of west Texas, leading the way. Permian Basin towns of Midland and Odessa notched 2.6 and 3.5 percent unemployment respectively, according to the report touted earlier this month by Gov. Gregg Abbott. (Photo by Brandon Bell/Getty Images) Getty Images For the past two years, the United States has set oil production records. This growth is a continuance of the surge in oil production resulting from the shale boom that began earlier this century. According to data from the Energy Information Administration, U.S. oil production average 13.2 million barrels per day in 2024, up from 12.7 million in 2023 and 12.5 million in 2022. U.S. Oil Production 1860-2024. Energy Information Administration It is now clear that the U.S. is on track this year to set its third consecutive annual record for crude oil production. Year-to-date production through the week ending September 12, 2025 shows a production level of 13.44 million BPD, which is about 1.9% ahead of last year’s record pace. But beneath those headline numbers, a subtle shift is underway: growth is slowing. The slowdown becomes clear if we look at the year-over-year percentage changes over the past 20 years. Annual Oil Production Change 2006-2025 YTD. Robert Rapier There have been only two other periods in the past 20 years where U.S. oil production growth slowed for three consecutive years, but both of those instances had extenuating circumstances. The first was from 2014 through 2016, when a price war launched by OPEC triggered a collapse in oil prices and forced U.S. producers to slash drilling activity. The…
Share
BitcoinEthereumNews2025/09/18 18:35
Silver Prices Edge Closer to a Pivotal Support and Resistance Test

Silver Prices Edge Closer to a Pivotal Support and Resistance Test

The post Silver Prices Edge Closer to a Pivotal Support and Resistance Test appeared on BitcoinEthereumNews.com. The silver market, although experiencing recent
Share
BitcoinEthereumNews2026/03/07 11:29
[Newspoint] Overpaid troll

[Newspoint] Overpaid troll

KAUFMAN. Former president Rodrigo Duterte's lawyer Nicholas Kaufman delivers his opening statement before the ICC Pre-Trial Chamber I on February 23, 2026.
Share
Rappler2026/03/07 11:00