Malicious code in JavaScript Library could steal funds from Bitcoin users

Are Bitcoin funds at risk?

by Manoj Sharma for CNR

It’s pretty well known now that malicious code in software could result into vulnerabilities. This concept also applies on specific web pages, like popular Event-Stream JavaScript Library, which it’s been revealed currently contains a loophole. Hackers can exploit this loophole and use it to explore nefarious get-rich quick schemes…

The recent discovery of a backdoor in JavaScript can have multiple consequences. The Event-Stream package is downloaded about 2 million times each week, meaning the backdoor could be resident on a significant number of machines, ready to be exploited by criminals. The majority of these criminals are seemingly interested in stealing funds from crypto wallets. This puts Bitcoin proponents at significant risk.

The loophole was found in the beginning of November. A new component has been added to the older versions of the JavaScript Library, along with some obfuscated code which is primarily used for stealing cryptocurrency.

A new developer is seemingly the culprit behind this code as they added changes on the same day they received access to the repository. This could have effects on Bitcoin users. However, no reports of lost Bitcoin have been published to date due to this backdoor.

This is not the first time hackers have tried to steal cryptocurrencies using malicious code. Such cases have been seen over the years. Even with the downward trend of major cryptocurrencies, criminals favour digital assets over other financial gains due to instant transfers. This latest effort by hackers isn’t as impactful as other attempts for stealing cryptocurrencies , thanks to the Copay developers who took swift action.

Image: BigStock