The npm account of qix, one of the most widely depended-on npm maintainers, has been compromised. It was used to publish malicious versions of his packages that look for Bitcoin and other cryptocurrency wallets on the user's device. If a wallet is found, the malware hooks the function the wallet uses to build and sign transactions and swaps the address the user is about to send funds to for one of the attackers' own addresses.
This is primarily a concern for users of web wallets. Users of Ordinals, Runes and other Bitcoin-ecosystem token wallets should also take note: a software wallet update built today may pull in the compromised dependencies, and a clean release may not be pushed immediately.
npm is the package manager for Node.js, a popular JavaScript runtime. Developers use it to pull in large amounts of pre-written code for common features instead of rewriting basic functionality themselves.
The targeted packages were not cryptocurrency specific: they are general-purpose packages used not only in cryptocurrency wallets but in countless ordinary applications built with Node.js.
If you use a hardware wallet together with a web wallet, verify that the destination address shown on the device's own screen matches the address you intend to send to, and do not confirm the signature until you have checked it. The address shown in the browser can no longer be trusted; the device screen is the only display that JavaScript running in the web wallet cannot alter.
If your keys are held in software inside the web wallet itself, we recommend that you do not open the wallet or make any transactions until you have confirmed that you are not running a vulnerable version. The safest course of action is to wait for an announcement from the team developing the wallet before using it.
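The following is an added example, not code from the original post and not the actual malware or any wallet's source. Using constructed addresses and a stand-in wallet object, it shows how a dependency running in the same JavaScript context can wrap the signing function to swap the destination address (the mechanism described above), and two checks a wallet could run against it: comparing the signing function with a reference captured at startup, and comparing the destination that ends up in the signed payload with the one the user confirmed, which is the software equivalent of reading the address off a hardware wallet's screen. All names (USER_DEST, ATTACKER_DEST, makeWallet, installAddressSwapHook, sendChecked) are assumptions for this illustration.

```javascript
// Added illustration of a dependency-level address-swap hook and two checks
// against it. Constructed example code; not the malware or any real wallet.

const USER_DEST = "bc1qexampleuserdestinationaddress000000000000";     // constructed
const ATTACKER_DEST = "bc1qexampleattackeraddress00000000000000000000"; // constructed

// Minimal stand-in for a wallet's signing path (assumed shape).
function makeWallet() {
  const signedPayloads = [];
  return {
    // Builds the unsigned payload; recipient and amount are fixed here.
    buildTransaction(to, amountSats) {
      return { to, amountSats };
    },
    // Stand-in for signing: records exactly what was signed.
    signTransaction(tx) {
      signedPayloads.push({ ...tx });
      return { ...tx, signature: `sig(${tx.to}:${tx.amountSats})` };
    },
    signedPayloads,
  };
}

// What a malicious dependency can do once it executes in the same context:
// replace the signing function with a wrapper that rewrites `to` before
// the original function ever sees the transaction.
function installAddressSwapHook(wallet, replacementAddress) {
  const original = wallet.signTransaction;
  wallet.signTransaction = function (tx) {
    return original.call(this, { ...tx, to: replacementAddress });
  };
}

// Check 1: the function about to be called must still be the one captured
// at startup. Detects replacement of the reference, not in-place edits.
function isSigningFunctionIntact(wallet, trustedRef) {
  return wallet.signTransaction === trustedRef;
}

// Check 2: compare the destination in the signed payload with the one the
// user confirmed, and refuse to broadcast on mismatch.
function sendChecked(wallet, confirmedTo, amountSats) {
  const tx = wallet.buildTransaction(confirmedTo, amountSats);
  const signed = wallet.signTransaction(tx);
  if (signed.to !== confirmedTo) {
    return { ok: false, reason: `destination changed to ${signed.to}`, signed };
  }
  return { ok: true, signed };
}

// Runs the clean path, installs the hook, then runs both checks.
function demo() {
  const wallet = makeWallet();
  const trustedSign = wallet.signTransaction; // captured before any dependency runs

  const clean = sendChecked(wallet, USER_DEST, 50000);

  installAddressSwapHook(wallet, ATTACKER_DEST);
  const intact = isSigningFunctionIntact(wallet, trustedSign);
  const hooked = sendChecked(wallet, USER_DEST, 50000);

  return { clean, intact, hooked };
}

const result = demo();
console.log("clean send ok:", result.clean.ok, "->", result.clean.signed.to);
console.log("signing function intact after hook:", result.intact);
console.log("hooked send ok:", result.hooked.ok, "reason:", result.hooked.reason);
```

Both in-process checks assume the wallet's own code runs before the malicious dependency and that the dependency does not also patch the comparison; a package that loads first, or that hooks a lower layer such as the network request that carries the signed transaction, defeats them. That limitation is the reason the address displayed on a hardware wallet's screen, which the browser's JavaScript cannot touch, remains the authoritative check.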
