BitPay safe for now
The BitPay application itself is not vulnerable to the package, though the security breach may have affected Copay users, the wallet BitPay uses to store customer funds. Users were also informed not to import backup phrases as they could be compromised. The BitPay statement reads as follows –
“Our team is continuing to investigate this issue and the extent of the vulnerability. In the meantime, if you are using any Copay version from 5.0.2 to 5.1.0, you should not run or open the app. A security update version (5.2.0) has been released and will be available for all Copay and BitPay wallet users in the app stores momentarily.”
The malware was reported to be clever in its design by the initial Copay Github warning, infiltrating users who had more than 100 BTC stored. BitPay narrowly avoided a mass liquidation according to one user – “[BitPay] Narrowly escaped a mass theft/liquidation event. Network egress monitoring would be good to add to automated tests if not already part of the build validation process.” It is unknown at the current time if any users were affected, though it appears that all funds are safe.
All advantages toward cybercriminals
In this latest library edition came some obfuscated code containing the private key stealing malware. While this breach has been contained, BitPay remains a high-return investment for hackers, as government departments and large businesses are using its services. Such a popular BTC payment processor with a high trade volume may eventually be compromised by hackers in an era where the advantages are tilting in favor of cybercriminals as opposed to network defenders.
Digital Nomad with an interest in Zen and Blockchain technology.
Law graduate with 3 years experience as a consultant in the capital markets industry and 4 years experience freelancing on UpWork as a Creative Writer.