Copay and Bitpay Wallet Apps Were Infected With Malicious Code

A developer has injected a piece of malicious code into a third-party package used by the popular Copay and Bitpay wallets. The safety of the Bitcoin.com wallet was not compromised and the Bitpay app was not vulnerable to the attack, but Copay users need to take precautionary actions.

Someone Might Have Been Able to Steal Private Keys

The Bitpay team has announced that a third-party Node.js (the open-source JavaScript environment) package used by the Copay and Bitpay apps had been modified to load malicious code. This could have been used to capture and steal users’ private wallet keys. The company learned about the vulnerability from a GitHub issue report about an “event-stream” dependency attack.

So far, Bitpay has confirmed only that the malicious code was deployed in its Copay and Bitpay apps from version 5.0.2 to 5.1.0. However, the company has tried to reassure users by saying that the Bitpay app was not vulnerable to the malicious code. A security update (version 5.2.0) has been developed and will be made available to users in the app stores. The team is still investigating whether the malicious code was ever actually used against people.

