Skip to main content

Copay and Bitpay Wallet Apps Were Infected With Malicious Code

Copay and Bitpay Wallet Apps Were Infected With Malicious Code

A developer has injected a piece of malicious code into the software used by the popular Copay and Bitpay wallets. The safety of the Bitcoin.com wallet was not compromised and the Bitpay app was not vulnerable to the attack, but Copay users need to take precautionary actions.

Also Read: Chinese Startup Gets Crypto Custodial Services License in Hong Kong

Someone Might Have Been Able to Steal Private Keys

Copay and Bitpay Wallet Apps Were Infected With Malicious CodeThe Bitpay team has announced that a third-party NodeJS (the open-source Java Script environment) package used by the Copay and BitPay apps had been modified to load malicious code. This could have been used to capture and steal users’ private wallet keys. The company learned about the vulnerability from a GitHub issue report about an “event-stream” dependency attack.

Bitpay has only confirmed so far that the malicious code was deployed on its Copay and Bitpay apps from version 5.0.2 to 5.1.0. However, the company has tried to reassure users by saying that the Bitpay app was not vulnerable to the malicious code. A security update (version 5.2.0) has been developed and will be made available for users in the app stores. And the team is still investigating to figure out if the malicious code was ever actually used against people.

What Copay Wallet Users Need to Do Now to Keep Safe

Copay and Bitpay Wallet Apps Were Infected With Malicious CodeThe Bitpay team warns that anyone using a Copay app from version 5.0.2 to 5.1.0 should not open it again. Users should first update their affected wallets and then send all funds from affected wallets to new version 5.2.0 wallets. Users should not attempt to move funds to new wallets by importing affected backup phrases, as they should assume that the corresponding private keys may have been compromised.

If you use the Bitcoin.com wallet you have not been affected by this issue at all, so you don’t need to do anything. “Our wallet doesn’t use the compromised ‘package,’ so we’re completely out of trouble for this one,” explains the Bitcoin.com wallet development team. “We’re operating as normal, we have never used that package and will never use it.”

Do you use an affected Copay wallet? Share your thoughts in the comments section below.

Images courtesy of Shutterstock.

Verify and track bitcoin cash transactions on our BCH Block Explorer, the best of its kind anywhere in the world. Also, keep up with your holdings, BCH and other coins, on our market charts at Satoshi’s Pulse, another original and free service from Bitcoin.com.

The post Copay and Bitpay Wallet Apps Were Infected With Malicious Code appeared first on Bitcoin News.



from Bitcoin News https://ift.tt/2DLPbx6
Labels:

Comments

Post a Comment

Popular posts from this blog

Mt Gox Creditors Updated, Trustee Says Rehabilitation Custodian Is ‘Currently Preparing to Make Repayments’

On August 31, 2022, the Mt Gox trustee Nobuaki Kobayashi explained in a recent letter that the rehabilitation custodian is “currently preparing to make repayments” to Mt Gox creditors. Trustee Updates Mt Gox Creditors — Repayment Date and Exchange Still Unknown Last week speculation and rumors concerning the release of 140K bitcoin ( BTC ) from Mt Gox littered social media platforms and headlines. Bitcoin.com News covered the situation six days ago as a number of people and Mt Gox creditors called the rumors “ fake news .” During that same period of time, a bitcoin whale transferred 10,000 BTC to unknown wallets, and a 2018 annotation , heuristics, and clustering methods show the funds likely originated from the June 2011 Mt Gox hacks. Following the mysterious whale transfer, last Wednesday, Mt Gox published an official update from the court trustee Nobuaki Kobayashi that explains the court is “currently preparing to make repayments” to creditors. Mt Gox creditors have been wait...
Post a Comment
Read more

International Crypto Exchange Luno Adds Bitcoin Cash Trading

Luno exchange has added bitcoin cash trading to the platform following feedback from its client base. BCH is now only the third cryptocurrency available for trading on the exchange, in addition to BTC and ETH , but more options could be on the way once Luno determines that they are credible enough. Also Read: Bitflyer Adds Bitcoin Cash Trading Across Europe and the US Luno Adds Bitcoin Cash Trading Luno, the London-headquartered company formerly known as Bitx, recently announced that bitcoin cash was made available on its cryptocurrency exchange. Starting from Monday, September 23, customers at Luno are now able to store, buy and sell BCH on the platform. The reason given for adding BCH to the exchange is feedback from users in developing markets that convinced Luno to expand their offering from previously just BTC and ETH . Marcus Swanepoel, CEO of Luno, said , “We are in a new and exciting financial era. Developing economies are leading the large-scale adoption and appli...
Post a Comment
Read more

DefiDollar Listing on AscendEX

PRESS RELEASE. AscendEX, formerly BitMax, an industry-leading digital asset trading platform built by Wall Street quant trading veterans, has announced the listing of the DefiDollar Token (DFD) under the pair USDT/DFD on Apr 29 at 1:00 p.m. UTC. DefiDollar is a DeFi lab that aims to bring mass adoption to DeFi with a wide-ranging product suite. The first product offering to go live will be the stablecoin index – DUSD, with ibBTC and optionCoin currently in development. DefiDollar (DUSD) aspires to be a risk-insured stablecoin layer for DeFi. It is designed to provide a safe and stable way for users to hold their assets with DUSD being optimized for peg safety, yield, and diversification. DefiDollar uses DeFi primitives to stay close to the dollar mark. DUSD provides an avenue for diversifying stablecoin holdings to hedge against an event where the underlying stablecoins like Tether or DAI deviate from their peg. DUSD is collateralized by Curve Finance LP tokens. DFD is the n...
Post a Comment
Read more