JavaScript Code Compromises Bitcoin Wallets

A popular JavaScript library has been compromised by an unknown hacker who inserted malicious code to steal from cryptocurrency wallets.

The widely used open source software that has been compromised is event-stream, a code library with 2 million downloads.

According to Bleeping Computer event-stream is built to simplify working with Node.js streaming modules and it is available through the repository.

Malicious code

Researchers found the malicious code last week, warned that earlier versions of the library includes a new component, ‘flatmap-stream’ version 0.1.1, that contains dangerous code.

This compromise was apparently introduced when Dominic Tarr, the original developer of Event-Stream, gave up the library and passed it to another developer, right9ctrl.

Unfortunately, it seems that Right9ctrl implemented the malicious changes as soon as they received access to the popular library. He or she then published the updated version.

“He [right9ctrl] emailed me and said he wanted to maintain the module, so I gave it to him. I don’t get anything from maintaining this module, and I don’t even use it anymore and haven’t for years,” Tarr reportedly said, adding that he no longer had publishing rights for the library on

Dominic Tarr admitted he made a mistake by transferring the rights to the repository whilst it remained under his username.

It seems the malicious code targets libraries associated with the Copay Bitcoin wallet app, and it seems highly likely the intend was to steal wallet files.

Bleeping Computer said the injected code tries to steal the bitcoins in the wallet and then attempts to connect to and to the IP address in Malaysia.

Right9ctrl later published an update without the malicious code embedded, in a move that some feel was designed to hide their tracks.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Malicious Online Ad Campaign Steals User Logins

'Magnat' malicious advertising campaign uncovered by Cisco Talos has been stealing login credentials and other…

22 hours ago

Waymo, Nuro Launch Robo-Delivery Services In California

Cruise starts robo-delivery service in Mountain View as Waymo plans limited trial of grocery-delivery service…

23 hours ago

NSO Spyware ‘Used To Hack US Diplomats’

Apple alerts employees of US State Department of hacking by NSO Group's controversial Pegasus spyware…

24 hours ago

Starlink Plans Services In India As SpaceX Breaks Launch Record

Starlink to apply for commercial licence to provide satellite broadband services in India, as parent…

24 hours ago

Musk Tesla Share Sale Surpasses $10bn

Elon Musk's Tesla share sell-off surpasses $10 billion as it reaches into fourth consecutive week,…

1 day ago

Uber To Pay $9m Settlement Over Safety Reporting Failure

Uber agrees to pay $9 million to settle dispute with California regulators over its failure…

1 day ago