Intruders Hack BitPay Crypto Wallet
BitPay, a crypto payment company, informed its customers in the blog about the hacking of Copay, its open-source bitcoin wallet, and gave instructions on how to restore the full-fledged operation of the app.
The vulnerability refers to a third-party Node.js module, also referred to as the “event stream.” It is used in v5.0.2-5.1.0 of the Copay and BitPay crypto wallets. In accordance with the GitHub information, this module was modified by introducing a malicious program that can steal information about customers' private keys.
BitPay claims that the viral file did not penetrate into its crypto wallet of the same name, and experts are trying to understand whether the users of the Copay wallet were affected.
As follows from the BitPay recommendations, users of the Copay crypto wallet from v5.0.2 to v5.1.0 should not start or open the app. BitPay has released 5.2.0, an updated, secure version of the crypto wallet available in app stores. Those customers whose personal addresses have been compromised should immediately transfer funds to the crypto wallet of the updated version.
GitHub reports that the network user under the name “right9ctrl” sent a request and received the right to publish data in the “event stream” library from the former maintainer Dominic Tarr, who wrote that he does not support the module anymore and did not know about the malignity of “right9ctrl.”
As previously reported, attackers hacked the email of the Uphold crypto exchange to raise funds fraudulently on Black Friday.