wry Posted November 27, 2018 #1 Posted November 27, 2018 I have a Bitpay card and like it a lot. The Bitpay wallet complements it nicely and so I use that as well for some of my coins. As you may know the Bitpay wallet is related to an open source wallet called Co-pay. Well a black hat hacker worked his way up the coding team and got access to the code base a few months ago. Using java script he was able to corrupt some of the more recent builds 5.0.2 through 5.1.0 of the wallet. Full details here: https://www.coindesk.com/fake-developer-sneaks-malicious-code-into-bitpays-copay-wallet Bitpay says it did NOT effect the Bitpay wallet, but they are also saying to update to version 5.2 right away and not use versions 5.0.2 through 5.1.0. This kind of thing really does worry me. Bitpay is a main stream crypto company and to have something like this happen is a bit disconcerting to say the least. It's not like this was FlyByNite Coins inc. Also, keep in mind that if you are using a pre 5.0 version of the Bitpay wallet, it is a minor hassle to upgrade to 5.2, see here: https://support.bitpay.com/hc/en-us/articles/360019757011-How-do-I-update-my-desktop-BitPay-or-Copay-wallet-to-version-5-0-or-greater-
CaptainLorca Posted November 27, 2018 #2 Posted November 27, 2018 I use Bitpay as well. Did they mention anything about the AppStore App of them? They „forced“ me to use the one from Apple AppStore on Mac and get the alarming message as well. or maybe I already did the step.. need to investigate it later more detailed.
wry Posted November 27, 2018 Author #3 Posted November 27, 2018 Sorry @CaptainLorca I'm not sure. I don't use the Apple version and have a pre 5.0 version of the wallet because the upgrade I mentioned at the end of the article was going to be a minor hassle. It effects app and desktop versions and they should have the 5.2 version out now on the App Store.
Kate Posted November 28, 2018 #4 Posted November 28, 2018 Seeing a big crypto wallet company called BitPay gets problems like this now makes me sure that no online crypto wallet can be a 100% safe as they say. Quote The attack appears to have been carried out by a supposed developer called Right9ctrl who took over maintenance of the NodeJS library from its author who no longer had time for the work, Seems like it was a workers fault i guess ?
wry Posted November 28, 2018 Author #5 Posted November 28, 2018 9 hours ago, Kate said: Seems like it was a workers fault i guess ? The Co-Pay version of their wallet, which forms the basis of their Bitpay wallet is open source. This means it's a community based project and anyone can contribute. However, someone has to be trusted with the repository credentials and that fell to the black hat hacker. Neither him nor the person who was the custodian before were Bitpay employees according to the article that I saw.
JEEPERS0029 Posted December 10, 2018 #6 Posted December 10, 2018 Hi! Seriously?? no, but that's crazy!! it's infiltrating everywhere it's a headache, even an institution that is still reputed as one of the most secure on the cryptomonnaise level can get it done by a guy and with java scrypt in addition!!??!!! no kidding, you really have to find the unstoppable trick that will never jump!!! but knowing the hackers they will always find a way to put your fingers on the company's security system and steal everything as usual!! I hope at least they didn't steal anything from you, the hackers, I mean!!XD and if so, did co-pay your return or did you need insurance or something like that? Anyway, good luck for the future and hope it doesn't happen again in the future! It's a shame that as soon as there's a super poverty it makes spins especially on bit play! good luck for the future! Keep us informed, I'm curious to know? hi!!!
wry Posted December 10, 2018 Author #7 Posted December 10, 2018 9 hours ago, JEEPERS0029 said: I hope at least they didn't steal anything from you, the hackers, I mean!!XD and if so, did co-pay your return or did you need insurance or something like that? As I understand it there are no reported losses yet, but that could just be because it's been kept quiet. Bitpay asserted that no one who used their Bitpay wallet had any coins lost to the hack. I have not heard anything about the co-pay wallet that uses the same basic code base. My sense is that everyone who has now upgraded and moved their coins is totally safe, it would be interesting to know though what % of users that is and how many are still vulnerable.
KiXxnTRiXx Posted January 18, 2019 #8 Posted January 18, 2019 I actually just created a Bitpay Wallet.. Thank you for this post, i hope everything has been worked out, but now that this has been brought to my attention, i can look into it for an update on this. Thanks again.
bmg Posted January 18, 2019 #9 Posted January 18, 2019 23 minutes ago, KiXxnTRiXx said: I actually just created a Bitpay Wallet.. Thank you for this post, i hope everything has been worked out, but now that this has been brought to my attention, i can look into it for an update on this. Thanks again. Bitpay is a great company. I myself am a very satisfied customer. I hope you like the Bitbay wallet as much as bigmann23 and I do.
Featured Comment
Archived
This topic is now archived and is closed to further replies.