Dangerous bug in the Copay wallets used by Bitpay

By Fabio Lugano - 27 Nov 2018

Developers have reportedly discovered a dangerous bug in the Copay wallets used by BitPay.

The module, called “Event-stream”, is part of the Node.js ecosystem and is used by several applications, including widely used cryptocurrency wallets. It was reportedly compromised by a user who had been recklessly left with access to the GitHub repository.

This was established after @dominictarr, who has access to the repository, granted control of the module to another user.

How was the bug in Copay created?

After gaining access to the GitHub repository, the user inserted malware into it, which he then removed himself after 3 days, reporting it as a problem.

In this way, once the patch had been applied, the malware went unnoticed, but in the meantime it had already been installed on tens, if not hundreds, of thousands of wallets, which were infected.
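A module such as event-stream can be installed in an application without being listed directly by it, so a defender has to inspect the resolved dependency tree rather than the project's own dependency list. The following is an added example, not code from the article, Copay or BitPay: it takes a parsed package-lock.json and reports the installed copies of a named module and the packages that declare it. The sample lockfile, the names example-wallet and example-task-runner, and all version numbers are constructed.

```javascript
'use strict';

// Normalise a parsed package-lock.json (v1 tree or v2/v3 "packages" map) into
// a flat list of { name, path, version, deps } records.
function listPackages(lock) {
  const out = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = path === '' ? (lock.name || '(root)') : path.split('node_modules/').pop();
      const deps = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
      out.push({ name, path, version: meta.version, deps });
    }
    return out;
  }
  // v1 layout: nested "dependencies" give the install tree, "requires" the declared edges.
  (function walk(tree, prefix) {
    for (const [name, meta] of Object.entries(tree || {})) {
      const path = `${prefix}node_modules/${name}`;
      out.push({ name, path, version: meta.version, deps: meta.requires || {} });
      walk(meta.dependencies, `${path}/`);
    }
  })(lock.dependencies, '');
  return out;
}

// Report installed copies of `target` and the packages that declare it.
function auditModule(lock, target) {
  const pkgs = listPackages(lock);
  return {
    installed: pkgs.filter(p => p.name === target && p.path !== '')
      .map(p => ({ path: p.path, version: p.version })),
    requiredBy: pkgs.filter(p => Object.prototype.hasOwnProperty.call(p.deps, target))
      .map(p => ({ name: p.name, range: p.deps[target] })),
  };
}

// Constructed sample lockfile (v2 layout). Every name except event-stream and
// every version number here is made up for illustration.
const SAMPLE_LOCK = {
  name: 'example-wallet', lockfileVersion: 2,
  packages: {
    '': { version: '1.0.0', dependencies: { 'example-task-runner': '^2.0.0' } },
    'node_modules/example-task-runner': { version: '2.1.0', dependencies: { 'event-stream': '^1.0.0' } },
    'node_modules/event-stream': { version: '1.2.3' },
  },
};

console.log(JSON.stringify(auditModule(SAMPLE_LOCK, 'event-stream'), null, 2));
```

In a v1 lockfile the root project's own direct dependencies are not recorded as `requires` edges, so a directly listed module shows up under `installed` with no `requiredBy` entry.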

The use of open source libraries is very common in the world of software development, and usually these products are created and maintained by hobbyists: these programmers are professionals paid by companies that have an interest in the development of the software itself, such as Red Hat, which develops Linux interfaces and, instead of waiting for new versions created freely, prefers to drive the development.

Of course, in this case, this working model is very risky for sensitive software such as cryptocurrency wallets, which can hold even large sums of money.

Fabio Lugano

Graduated with honors from Bocconi University, Fabio is a consultant for companies and wounded shareholders of the Banche Venete. He is also the author of "Scenari Economici", and lecturer and analyst of cryptocurrencies since 2016.
