JavaScript Code Compromises Bitcoin Wallets

A popular JavaScript library has been compromised by an unknown hacker who inserted malicious code to steal from cryptocurrency wallets.

The widely used open source software that has been compromised is event-stream, a code library with 2 million downloads.

According to Bleeping Computer event-stream is built to simplify working with Node.js streaming modules and it is available through the npmjs.com repository.

Malicious code

Researchers found the malicious code last week, warned that earlier versions of the library includes a new component, ‘flatmap-stream’ version 0.1.1, that contains dangerous code.

This compromise was apparently introduced when Dominic Tarr, the original developer of Event-Stream, gave up the library and passed it to another developer, right9ctrl.

Unfortunately, it seems that Right9ctrl implemented the malicious changes as soon as they received access to the popular library. He or she then published the updated version.

“He [right9ctrl] emailed me and said he wanted to maintain the module, so I gave it to him. I don’t get anything from maintaining this module, and I don’t even use it anymore and haven’t for years,” Tarr reportedly said, adding that he no longer had publishing rights for the library on npmjs.com.

Dominic Tarr admitted he made a mistake by transferring the rights to the repository whilst it remained under his username.

It seems the malicious code targets libraries associated with the Copay Bitcoin wallet app, and it seems highly likely the intend was to steal wallet files.

Bleeping Computer said the injected code tries to steal the bitcoins in the wallet and then attempts to connect to copayapi.host and to the IP address 111.90.151.134 in Malaysia.

Right9ctrl later published an update without the malicious code embedded, in a move that some feel was designed to hide their tracks.

Do you know all about security? Try our quiz!

Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Recent Posts

Google To Restrict Political Adverts Worldwide

Political adverts that target sections of people will no longer be allowed on Google's platforms worldwide

8 mins ago

Huawei Asks Canadian Court To Halt CFO Extradition To US

US extradition of Meng Wanzhou should be halted as Canada did not have sanctions against Iran at time of request

2 hours ago

America Criticised For Mike Lynch Extradition Request

US DoJ officials damned for filing extradition request for former Autonomy boss, whilst a court case is ongoing in London

3 hours ago

Google Cloud Next UK: Google Cloud To Offer AI Explanations

Explainable AI. Google Cloud will offer explanations so that businesses can see and understand why AI made a particular decision

4 hours ago

Google Cloud Next UK: G Suite Gains New Assistive Features

Day two of Google's cloud event, sees new assistive features that utilise AI for G Suite to help both consumers…

6 hours ago

Near Miss With Drone At Gatwick Airport

Rogue drone came within 20m (65ft) of a passenger plane as it flew in to Gatwick Airport in July

21 hours ago