Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
bitmark
Webcredits is a library for creating decentralized ledgers and payments on the web.
Installation
npm install -g bitmark
Setup
credit create
credit genesis
After the tables are in place, the genesis process must be carried out. The standard population script will put 1 million bits in the coinbase which can then be distributed in tranches to the seed users or robots.
credit server
Then go to
- http://localhost:11077/
- http://localhost:11077/ledger
- http://localhost:11077/balance
- http://localhost:11077/reputation
- http://localhost:11077/tx
- http://localhost:11077/insert
Alternatively calls can be placed via the library or command line.
Commands
balance <URI> - shows a balance
create - creates a database
genesis - seeds a wallet
help - shows help message
insert <source> <amount> <unit> <destination>
[description] [timestamp] - inserts a web credit
reputation <URI> - gets the reputation
server - starts an express server
websocket - starts a websocket server
Will conform to the values in lib/dbconfig.js
Configuration
config.dialect = 'mysql';
config.storage = 'credit.db';
config.host = 'localhost';
config.database = 'webcredits';
config.username = 'root';
config.password = '';
config.wallet = 'https://localhost/wallet/test#this';
dialect is the db type
- mysql
- sqlite
- mssql
- mariadb
- postgres
storage is for sqlite defaults to credit.db
hostis hostdatabaseis database nameusernameis usernamepasswordis passwordwalletis the wallet that contains the webcredit ledger, api and details
Are supported
More Detailed Explanation
Webcredits is a transferable points scoring system. It can be used to provide feedback to the user, throttle actions and allow "gamification" of apps. The system is secure and compatible with the work of the W3C payments groups, so that real incentives may be eventually used. The first versions of the system will only use test credits of negligible monetary value. However, the same code can be used for production systems using full payments.
Technical Overview
A wallet consists of a ledger and transactions. Each entry in the ledger is a URI and a positive balance.
<URI> "balance"^^xsd:decimal <currency>
Changes are made to the ledger via webcredits.
<source> <amount> <currency> <destination> <comment> <timestamp>
The genesis state is a starting ledger where one balance, usually the "coinbase" is a non zero account with an emission algorithm. Digital signatures may be included with the webcredits to prove who sent them.
The ledgers and credits can be stored in an LDPC or database. Changes to the ledger are made by adding new transactions, either via HTTP POST or by a direct insert to the database.
Model
Ontology
The main ontology is the webcredits system
Discovery
Wallets can be found either from a WebID or from an application configuration using the wallet predicate.
https://w3id.org/cc#wallet
This allows users to launch a wallet app and see their balance, their transaction history, and to make new payments.
Wallet
The wallet is the main holding structure that points to all the other items. A typical wallet may look as follows:
<#this>
<http://purl.org/dc/terms/description> "My Wallet" ;
a <https://w3id.org/cc#Wallet> ;
<https://w3id.org/cc#api> <http://klaranet/wallet/var/api/v1/> ;
<https://w3id.org/cc#inbox> <inbox/> ;
<https://w3id.org/cc#tx> <tx/> .
- The api is where you can make RESTful calls for balances and transactions
- The inbox is where you can POST new credits
- The tx is where processed transactions are (optionally) stored
Databases
For large scale processing a database can be used. Initially supported databases are:
- sqlite
- mySql
Example schemas
CREATE TABLE Credit (
`@id` TEXT,
`source` TEXT,
`amount` REAL,
`currency` VARCHAR(255) DEFAULT 'https://w3id.org/cc#bit',
`destination` TEXT,
`timestamp` TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
`context` TEXT,
`description` TEXT,
`wallet` TEXT
);
CREATE TABLE Ledger (
`source` TEXT,
`amount` REAL,
`currency` VARCHAR(255) DEFAULT 'https://w3id.org/cc#bit',
`wallet` TEXT
);
CREATE TABLE Genesis (
`source` TEXT,
`amount` REAL,
`currency` VARCHAR(255) DEFAULT 'https://w3id.org/cc#bit',
`wallet` TEXT
);
The default currency is the 'bit' equal to one millionth of a bitcoin.
Controller
Reading
It is possible to access balances and credits directly from the database.
A RESTful API is also provided for convenience to the database.
Writing
It is possible to write records to the database, tho this is not recommended. Better is to use the javascript API.
JavaScript API
The javascript API provides a function insert.js that will
- insert a credit into the data store
- get a canonical ID for a data structure
- check no balance goes below zero
- alter the ledger of the source and destination
insert.js <source> <amount> <currency> <destination> [comment] [timestamp] [wallet]
Views
Virtual Wallet
The first client used is an open source client side JS project called virtual wallet:
API
Functions
- setupDB(dialect, storage) ⇒
Object setup database
- getConfig() ⇒
Object gets the current config
- createTables(sequelize, callback)
create tables
- getCredit(credit, sequelize, config, callback) ⇒
Object get credit
- createDB(config, callback)
createDB function
- getBalance(source, sequelize, config, callback)
get balance
- genesisInit(config, callback)
genesis initialization
- genesis(config, callback)
genesis
- balance(source, sequelize, config, callback)
get balance
- getReputation(sequelize)
get reputation
- today(credit, sequelize, config, callback)
Today's credits
- reputation(config)
reputation function
- insert(credit, sequelize, config, callback)
Insert into webcredits
setupDB(dialect, storage) ⇒ Object
setup database
Kind: global function
Returns: Object - sequelize db object
| Param | Type | Description |
|---|---|---|
| dialect | string | type of db mysql |
| storage | string | file used for sqlite, default ./credit.db |
getConfig() ⇒ Object
gets the current config
Kind: global function
Returns: Object - The config
createTables(sequelize, callback)
create tables
Kind: global function
| Param | Type | Description |
|---|---|---|
| sequelize | Object | db object |
| callback | Object | callback |
getCredit(credit, sequelize, config, callback) ⇒ Object
get credit
Kind: global function
Returns: Object - the web credit if exists
| Param | Type | Description |
|---|---|---|
| credit | Object | the web credit |
| sequelize | Object | the DB connection |
| config | Object | the config |
| callback | Object | callback |
createDB(config, callback)
createDB function
Kind: global function
| Param | Type | Description |
|---|---|---|
| config | Object | config |
| callback | Object | callback |
getBalance(source, sequelize, config, callback)
get balance
Kind: global function
| Param | Type | Description |
|---|---|---|
| source | String | the source |
| sequelize | Object | sequelize object |
| config | Object | config |
| callback | function | callback |
genesisInit(config, callback)
genesis initialization
Kind: global function
| Param | Type | Description |
|---|---|---|
| config | Object | config |
| callback | function | callback |
genesis(config, callback)
genesis
Kind: global function
| Param | Type | Description |
|---|---|---|
| config | Object | config |
| callback | function | callback |
balance(source, sequelize, config, callback)
get balance
Kind: global function
| Param | Type | Description |
|---|---|---|
| source | String | the source |
| sequelize | Object | sequelize object |
| config | Object | config |
| callback | function | callback |
getReputation(sequelize)
get reputation
Kind: global function
| Param | Type | Description |
|---|---|---|
| sequelize | Object | db object |
today(credit, sequelize, config, callback)
Today's credits
Kind: global function
| Param | Type | Description |
|---|---|---|
| credit | Object | a web credit |
| sequelize | Object | db connection |
| config | Object | config |
| callback | function | callback |
reputation(config)
reputation function
Kind: global function
| Param | Type | Description |
|---|---|---|
| config | Object | [description] |
insert(credit, sequelize, config, callback)
Insert into webcredits
Kind: global function
| Param | Type | Description |
|---|---|---|
| credit | Object | a web credit |
| sequelize | Object | db connection |
| config | Object | config |
| callback | function | callback |
FAQs
bitmark
We found that bitmark demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Mar 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025