Staker Community

Please login or register.

Login with username, password and session length
Advanced search  

Author Topic: BitPay invites users to transfer funds to new portfolios amid malicious software  (Read 20 times)

Firaschaari

  • Jr. Member
  • **
  • Karma: +0/-0
  • Posts: 94
    • View Profile

BitPay has warned customers of a vulnerability in the third-party NodeJS package used by Copay and BitPay applications that can be used to take private user keys. The company said that the malicious software was deployed in versions 5.0.2 through 5.1.0 of the applications of Copay and BitPay. BitPay recommended that users move funds to new portfolios immediately as private keys are likely to be at risk.

BitPay is investigating a security vulnerability
The company said in a statement that BitPay was investigating whether Copay users were suffering from any alleged attack by malicious code commands. The payment service warned customers not to use any versions of Copay before running the BitPay security update on app stores.

In addition, BitPay recommended users to transfer digital currency to the new portfolios (v5.2.0) immediately where they can penetrate the private keys. The Atlanta-based firm warned users not to import the affected portfolios because they could also be at risk.
Logged

Firaschaari

  • Jr. Member
  • **
  • Karma: +0/-0
  • Posts: 94
    • View Profile

BitPay discovered malware through a report posted on the Copay and according to comments on GitHub, where the malware was really deceptive and only loaded the private keys of the wallet that already had more than 100 BTC there. BitPay and its users were lucky this time but they should be prepared for future attacks, according to one comment.

In April 2018, BitPay issued a warning of a hacking attack called Coinbitclip effect on processing some purchases using Betquin. This attack did not hurt any particular wallet or payment system, but Windows users only.
Logged