Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages

Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named "wenmoonx."...

tiny-secp256k1 安全漏洞

tiny-secp256k1 is a wrapper for bitcoinjs open source. A security vulnerability exists in tiny-secp256k1 versions prior to 1.1.7 that stems from a possible bypass of checks when validating malicious JSON stringable messages, which could lead to false validation results...

Malicious code in bitcoinjs-lib-v5 (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-4165 Malicious code in bitcoinjs-lib-v5 (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in @darkice/bitcoinjs-message (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1687 Malicious code in @darkice/bitcoinjs-message (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in bitcoinjs-lib-v6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d413653ebb15cdf1e00c6e1053b21b33afb6324cfa26b1b20f93f6bc1e9ac19b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11944 Malicious code in bitcoinjs-lib-v6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d413653ebb15cdf1e00c6e1053b21b33afb6324cfa26b1b20f93f6bc1e9ac19b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm is a term we coined to describe a collection...

Malicious code in bitcoinjs-lib-bigint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee5abe0014de83de3d111ab01e42e93f93afb0456186973c93615ac2bdcbcd00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1586 Malicious code in bitcoinjs-lib-bigint (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ee5abe0014de83de3d111ab01e42e93f93afb0456186973c93615ac2bdcbcd00 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GHSA-HWH3-FHF6-73X9 Malicious Package in bictoinjs-lib

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...