# Code Dependency Attack

Attackers [have successfully inserted code](https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/) designed to steal people’s bitcoin into popular open-source software packages that are used by some crypto wallets. The cost of auditing all the code that goes into a system is prohibitive, so this remains an appealing avenue for attacks. 

**Mitigation:**

* Use a mix of different hardware and software for your key storage system. 
* Use hardware wallets which have smaller and more carefully audited code bases.