Hackers Compromise BitPay’s Wallet, Adding Malware to the Code

  • Yuri Molchan
    📰 News

    BitPay reports that the Copay crypto vault has been compromised by means of malware inbuilt into the wallet’s code


Hackers Compromise BitPay’s Wallet, Adding Malware to the Code
Contents

BitPay has announced through GitHub that some hacker modified part of its Copay wallet’s software to upload some malicious code into it.

BitPay’s app remains secure

The hacker installed the virus on the wallet’s modifications 5.0.2 up to 5.1.0 of Copay and BitPay’s crypto storage apps. Experts believe this malicious code can be utilized for stealing private keys in order to get hold of customers’ BTC and BCH coins.

BitPay reps assure that the company’s app proved to be not vulnerable to the hackers’ attempts to compromise it. But currently they are busy researching if any damage has been done to the users of Copay’s platform.

👉MUST READ

Ledger ‘Cold’ Wallet Expands to New York to Build Custody Service for Institutional Investors

Ledger ‘Cold’ Wallet Expands to New York to Build Custody Service for Institutional Investors

Secure update already released

The company urges its customers not to switch on their Copay wallets if it is versions 5.0.2 – 5.1.0 that they use. BitPay and Copay together have already managed to create and release an improved wallet – the 5.2.0 version, which does not contain any malicious codes and can be used by all customers of both BitPay and Copay. The companies assure that the updated version of the wallet will appear in online stores instantly.

BitPay has warned their clients that since keys on the infected wallets were probably copied, they had better transfer their crypto to the new version of the Copay wallet as soon as possible. The company also noted that users should not import their seed phrases made up of 12 words, since they too can be compromised and serve as a way to restore lost crypto.

The recommended way to transfer their coins from old vaults to the new ones is the Send Max feature, suggests BitPay.

The main suspect

It is believed that the trouble was initiated by a fake developer nicknamed Right9ctrl. He took over maintaining the NodeJS library from the guy who created it but could no longer devote time to work on the library. The latter reportedly took place a quarter of a year ago. Back then, the fake developer got access to the library and infected it with malware.

Cover image via u.today
Join our Telegram channel to get news even faster!

About the author

Yuri has worked in crypto since 2017. A translator, quickly became a crypto enthusiast. He has worked for several Telegram channels covering cryptocurrencies. Currently is a news writer, covering crypto and blockchain-related topics.

👓 Recommended articles

This site uses cookies for different purposes. Please set your preferences in Cookie Settings and visit our Cookie policy for more information on how and why cookies are used on this site. Click here for cookie policy

Cookie settings