reply on: How to Verify the Impact of the Recent NPM Attack on My Wallets? \ stacker news ~bitcoin

pull down to refresh

11 sats \ 3 replies \ @SimpleStacker 10h \ parent \ on: How to Verify the Impact of the Recent NPM Attack on My Wallets? bitcoin

Again, you can try sending a small amount to test, then use an external application like mempool.space to see if it got sent to the address you actually sent it to.

40 sats \ 2 replies \ @spiderman OP 10h

I doubt if it is a valid test in this instance. If the problem does not surface in one transaction how can I guarantee it will not surface in another transaction?

I am not the one who developed the malware, obviously. But if I were, and the malware had access to the transaction information (public key, amount etc.) then I would trigger it only for transaction worth beyond a threshold, like a few million Sats. The goal would be to delay the detection of its presence, and capture a few big fishes instead of a bunch of small fishes. If every transaction is poisoned, the exploit would come to the surface pretty fast, and people would stop falling for it, as is the case once it got widely publicised.

For all intent and purpose, I suspect the attacker had his day, and unlikely to gain any more, although likely made enough to retire. The window of opportunity is is just too small if the attack happens deterministically at every transaction.

13 sats \ 0 replies \ @SimpleStacker 9h

I don't think I can help you further then. You'd have to look into technical details beyond my know-how.

0 sats \ 0 replies \ @adlai 3h

according to the article I linked, the take was a fruit basket¹, fresh worth a few hundred bucks², and who knows what you could make from it if you like cognac³ and painting⁴.

random bunch of sweet cheap stuff ↩
minus fees duh ↩
why buy low if you can phish, ferment, and sell high? ↩
tape, on markets, of small coins deposited after creeping through various swaps to avoid KYCLOB blacklists ↩

Footnotes