It is not offered or intended to be used as legal, tax, investment, financial, or other advice. This article is provided for informational purposes only. BitPay is the leading provider of cryptocurrency payment solutions helping consumers, businesses and other financial institutions seamlessly accept. While the library is used in hundreds of thousands of different unaffected applications, the vulnerability has sparked an interesting conversation on many developer forums about potential future changes to developer workflows or open-source release architecture to avoid similar issues. They are currently patching the vulnerability. The Kessler Collection has partnered with BitPay, the world's largest provider of bitcoin and cryptocurrency payment services, to collect cryptocurrency. The issue was quickly resolved in a new release but other wallets such as the Keoken bitcoin/bitcoin cash wallet, which copied BitPay's codebase via a fork, are similarly affected. The exploit then sent funds to a server in Kuala Lumpur after capturing the wallet passwords. BitPay provides enterprise-grade bitcoin payment solutions for businesses and organizations. The code specifically targeted accounts with balances > 100 BTC or 1000 BCH. It was written to specifically look for hot wallets (those running in a browser or on mobile). When expanded, the code revealed the vulnerability: The added code was obfuscated, making it difficult to read at a glance. The issue was flagged on BitPay's repository earlier today.
The malicious code was flagged in the original repository six days ago but only understood more recently as it specifically targeted the app Copay, a cryptocurrency wallet developed by the bitcoin payment processor BitPay. In this case, the malicious addition to the library was a very well-executed social attack where the attacker, an anonymous developer with the handle right9ctrl, was given control of the code repository from maintainer Dominic Tarr three months ago, after offering to help maintain the code. With too many changes to track manually, developers often take for granted the stability of large open-source libraries. Popular applications are built on many layers of open-source tooling. The vulnerability enabled malevolent actors to steal bitcoin and bitcoin cash from accounts using BitPay's Copay wallet application. A vulnerability in the popular JavaScript library event-stream, used for streaming data in Node.js applications, affected BitPay's Copay wallet application, which depended on the library downstream.