Breaking: Numerous Bitcoin Wallets May Have Been Compromised by Rogue Developer

in #dlike6 years ago

share-with-dlike.jpg

Ayrton Sparling wrote:

“He added flatmap-stream which is entirely (1 commit to the repo but has 3 versions, the latest one removes the injection, unmaintained, created 3 months ago) an injection targeting ps-tree. After he adds it at almost the exact same time the injection is added to flatmap-stream, he bumps the version and publishes. Literally the second commit (3 days later) after that he removes the injection and bumps a major version so he can clear the repo of having flatmap-stream but still have everyone (millions of weekly installs) using 3.x affected.”

source link


Source of shared Link

Sort:  

This Lock is the hole