(www.aikido.dev)

1369 points universesquid | 1 comments | 08 Sep 25 15:37 UTC | HN request time: 0s | source

https://github.com/advisories/GHSA-8mgj-vmr8-frr6

Show context

pavlov ◴[08 Sep 25 16:02 UTC] No.45169954[source]▶

>>45169657 (OP) #

The malware steals crypto in end-user browsers.

Another one for “web3 is going great”…

replies(1): >>45170196 #

goku12 ◴[08 Sep 25 16:20 UTC] No.45170196[source]▶

>>45169954 #

I dislike web3 and the overuse of crypto as much as you do. But look at the nature of the exploit. It isn't limited to crypto or web3. There are other secrets and sensitive information that browsers regularly hold in their memory. What about them?

replies(1): >>45170383 #

1. jowea ◴[08 Sep 25 16:34 UTC] No.45170383[source]▶

>>45170196 #

Yeah cryptoassets are probably just the easiest thing to monetize.

↑

NPM debug and chalk packages compromised