Confirmed: “Malicious Code Deployed on Versions 5.0.2 through 5.1.0 of Copay & BitPay apps”

japan hack

Confirmed: “Malicious Code Deployed on Versions 5.0.2 through 5.1.0 of Copay & BitPay apps”

Global bitcoin payment service provider, BitPay announces that its open source bitcoin wallet Copay has been attacked and exposed to malicious code with the intent to steal Bitcoin (BTC) and Bitcoin Cash (BCH) funds.

Bitcoin Wallets “may have been Compromised,” Reports BitPay

According to the latest reports[ shared by BitPay, a US-headquartered global bitcoin payment service provider, Copay has been compromised. Copay is BitPay’s open source bitcoin wallet provider where one can secure their personal funds with one or multiple signatures. By eliminating the need to trust third parties with savings, it asks the general public to “Take security into your own hands.”

However, a hacker has been able to get access to a JavaScript library and further infecting the Copay wallet apps with malicious code with an intent to steal Bitcoin (BTC) and Bitcoin Cash (BCH) funds.

Brian Hoffman, an open source developer wrote on Twitter in response, “This is a much bigger issue than just BitPay.”

A Bitcoin enthusiast wrote,

Last week, the presence of a malicious code has been identified but it’s clear intent and what it can do hasn’t been known, until now.

Used in millions of web applications, a Node.js module known as event-stream has been compromised. Reportedly, a user on GitHub asked for publishing rights to the library from Dominic Tarr, its previous maintainer who said, “He emailed me and said he wanted to maintain the module, so I gave it to him. I don’t get anything from maintaining this module, and I don’t even use it anymore, and haven’t for years.”

The official announcement by BitPay says the BitPay app in itself “was not vulnerable to the malicious code” but are still investigating if Copay users are exploited.

“We have learned from a Copay GitHub issue report that a third-party NodeJS package used by the Copay and BitPay apps had been modified to load malicious code which could be used to capture users’ private keys. Currently, we have only confirmed that the malicious code was deployed on versions 5.0.2 through 5.1.0 of our Copay and BitPay apps.”

The team says the users of Copay version from 5.0.2 to 5.1.0 should not open or run the app. In the meantime, a security update version (5.2.0) is also released.

BitPay further cautions that,

“Users should assume that private keys on affected wallets may have been compromised, so they should move funds to new wallets (v5.2.0) immediately,” before adding, “Users should first update their affected wallets (5.0.2-5.1.0) and then send all funds from affected wallets to a brand new wallet on version 5.2.0, using the Send Max feature to initiate transactions of all funds.”

 

Coingape is committed to following the highest standards of journalism, and therefore, it abides by a strict editorial policy. While CoinGape takes all the measures to ensure that the facts presented in its news articles are accurate.
Disclaimer The views, opinions, positions or strategies expressed by the authors and those providing comments are theirs alone, and do not necessarily reflect the views, opinions, positions or strategies of CoinGape. Do your market research before investing in cryptocurrencies. The author or publication does not hold any responsibility for your personal financial loss.
Author: Anjali Tyagi

Having a background in writing, I worked on a wide array of industry topics and have recently entered the world of Blockchain and Cryptocurrency.

Post your comment...
Anjali Tyagi 440 Articles

Having a background in writing, I worked on a wide array of industry topics and have recently entered the world of Blockchain and Cryptocurrency.

Follow Anjali @