
Topic: Bitpay Big Exploit? - 323 btcs sent to unknown address

legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Thanks for the message guys, I'm digging further into this.

Have you tried my suggestion? If you still have some balance on other addresses in your Copay, extracting the private keys from your backup seed or wallet.json.aes is, I think, the best solution to take control of the address that still has funds and transfer it right away to another wallet like Electrum.
I have never had any experience using Copay, but since they have a backup seed or file, there is still a chance that you can get the remaining funds in your wallet without contacting Copay, since they said they don't have control of your wallet.

So if I were you, I'd start extracting the private keys from the seed or backup file before it gets transferred again to an unknown address.
newbie
Activity: 6
Merit: 0
Thanks for the message guys, I'm digging further into this.

I find out more about bitpay as your PM.

Thanks Rat03.

Is it possible for you to DM me your telegram?

Cheers!
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
I find out more about bitpay as your PM.

For those who think this was a copay exploit, do you guys have any evidence of that? Any leaked private keys or known bugs?
Of course there is no proof; this is just the more probable supposition. After all, Bitpay has really experienced exploitation before your case. The email you quoted:
That one was only for Copay. If you used that 1-1 wallet during that time, using the Copay app (not the Bitpay app), and sent money using that version, the key could have been compromised. That was almost 1 year ago, so it seems improbable.

According to the news, malware was also spread through Bitpay [1].
Quote
The malware was deployed on versions 5.0.2 through 5.1.0 of its Copay and BitPay wallet apps, and could potentially be used to capture private keys to steal bitcoin and bitcoin cash.
So I'm going to stick to the previous assumption that your access key was leaked.


1. https://www.coindesk.com/markets/2018/11/27/fake-developer-sneaks-malicious-code-into-bitpays-copay-wallet/
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Also, how do you come to a conclusion that the few coins spent were moved to mixers? Please educate me.

Breaking into smaller inputs, sending them to addresses that join them together and then splits again into tens of inputs, addresses getting hundred+ BTC in multiple transactions in the same block and then emptying all again in a matter of seconds, that's mixing behavior, no CEX does so.

Also since 2021 without moving, this was made by a professional hacker not someone who had access to my phone or anything.

Or by somebody that got scared at the amount involved and decided to play low and set up his next moves carefully waiting to see if somebody knocks at the door, but probably this bear market is testing his patience with 6 million just in reach so he wanted at least a few of that now! Usually, professional groups try to settle things as soon as possible to reduce the risks of a member jeopardizing everything, plus a volatile market would lead to a lot of infighting.
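The tells listed in the post above (several large deposits to one address within a single block, then the whole amount emptied again seconds later into tens of outputs) can be written down as a triage rule. The following is an added example of mine, not code from anyone in this thread; the ledger it scans is constructed, not the real transactions, and the thresholds are assumptions. It flags the constructed hub address and leaves the exchange-like one alone. Treat a hit as a reason to look closer, not as proof: an exchange batching withdrawals also fans out, which is why all three conditions have to hold at once.

```python
"""The mixing tell from the post, as code: an address that collects a large
total across several transactions in one block and is emptied moments later
into many outputs looks like a mixer hop rather than an exchange deposit.
Added example; the ledger below is constructed, not the real transactions."""
from collections import defaultdict

# Constructed ledger: txid, block height, unix time, inputs and outputs as (address, BTC)
TXS = [
    {"txid": "a1", "block": 800000, "time": 1000, "in": [("x1", 60.0)], "out": [("HUB", 60.0)]},
    {"txid": "a2", "block": 800000, "time": 1000, "in": [("x2", 70.0)], "out": [("HUB", 70.0)]},
    {"txid": "a3", "block": 800001, "time": 1030, "in": [("HUB", 130.0)],
     "out": [(f"o{i}", 10.0) for i in range(13)]},          # split into 13 outputs 30 s later
    {"txid": "b1", "block": 800000, "time": 1000, "in": [("y1", 150.0)], "out": [("EXCH", 150.0)]},
    {"txid": "b2", "block": 800400, "time": 250000, "in": [("EXCH", 150.0)],
     "out": [("cold", 149.9)]},                               # held for days, swept to one address
]


def flag_mixer_like(txs, min_btc=100.0, max_hold_s=60, min_fanout=10):
    """Return {address: reason} for addresses that match all three tells.
    Thresholds are assumptions chosen for the constructed data."""
    inflow = defaultdict(lambda: defaultdict(list))   # addr -> block -> [(time, amount)]
    outflow = defaultdict(list)                       # addr -> [(time, amount, output count)]
    for tx in txs:
        for addr, amt in tx["out"]:
            inflow[addr][tx["block"]].append((tx["time"], amt))
        for addr, amt in tx["in"]:
            outflow[addr].append((tx["time"], amt, len(tx["out"])))
    flagged = {}
    for addr, by_block in inflow.items():
        for block, deposits in by_block.items():
            total = sum(amt for _, amt in deposits)
            if len(deposits) < 2 or total < min_btc:       # tell 1: big total via several txs in one block
                continue
            last_in = max(t for t, _ in deposits)
            for t_out, amt, fanout in outflow.get(addr, []):
                held = t_out - last_in
                # tell 2: emptied again within seconds; tell 3: split into many outputs
                if 0 <= held <= max_hold_s and amt >= 0.9 * total and fanout >= min_fanout:
                    flagged[addr] = (f"{total:.1f} BTC in {len(deposits)} txs at block {block}, "
                                     f"emptied after {held}s into {fanout} outputs")
    return flagged


if __name__ == "__main__":
    for addr, why in flag_mixer_like(TXS).items():
        print(addr, "->", why)
```

Running it prints only the constructed HUB address with its reason; raising `min_fanout` or lowering `max_hold_s` makes it go quiet, which is the knob you would tune against a real block explorer export.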
legendary
Activity: 2338
Merit: 1261
Heisenberg
Yes guys, I'm aware that he spent coins, I tracked some but he used many mixers.

For those who think this was a copay exploit, do you guys have any evidence of that? Any leaked private keys or known bugs?

Me too, I'm thinking this was a copay exploit/bug since I never shared my PK with anyone, etc. Also since 2021 without moving, this was made by a professional hacker not someone who had access to my phone or anything.
If it was made by a professional scammer, then what's stopping him from spending all the coins via a mixer? I mean, there are mixers that can handle volumes of even 300 BTC if moved in split transactions.

Also, how do you come to a conclusion that the few coins spent were moved to mixers? Please educate me.
newbie
Activity: 6
Merit: 0
Yes guys, I'm aware that he spent coins, I tracked some but he used many mixers.

For those who think this was a copay exploit, do you guys have any evidence of that? Any leaked private keys or known bugs?

Me too, I'm thinking this was a copay exploit/bug since I never shared my PK with anyone, etc. Also since 2021 without moving, this was made by a professional hacker not someone who had access to my phone or anything.
legendary
Activity: 2338
Merit: 1261
Heisenberg
Hey guys, still nothing resolved.
Unfortunately, there's bad news: your funds in 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw are now spent: aeb87b9dc18739dd178a8e9f138d31e614de537b925a8df33d310383b0d237c0
That alone should rule out that it's still in your wallet or caused by a bug that sent it to a random address.
The address still has a balance of 277 BTC though (https://mempool.space/address/1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw). It wasn't all spent. The person just spends 5 or 6 BTC and the change goes back to the address. Maybe the person is doing this to slowly cash out the BTC without risking all of it and having it seized.
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
Hey guys, still nothing resolved.

Anyone heard or had any other copay exploits related issues?

Your problem is at this address, 16Y4jj7LXLU8P7UrYP5VEfCdZ7W3w3xVNh(1st addy) sending to an address not in your control 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw(2nd addy). I thought your access key was leaking on your phone without you realizing it.

However, I can't say that this is an exploit by a hacker as long as the 2nd address still holds most of the bitcoins from your address. I came to the conclusion that this is a Bitpay system bug (imo), not an exploit. If you wanna contact support, just ask who controls the 2nd address; this address has done a lot of tx outputs since you raised this case.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Hey guys, still nothing resolved.
Unfortunately, there's bad news: your funds in 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw are now spent: aeb87b9dc18739dd178a8e9f138d31e614de537b925a8df33d310383b0d237c0
That alone should rule out that it's still in your wallet or caused by a bug that sent it to a random address.

Since it's obviously spent, someone has access to that address's private keys.
newbie
Activity: 6
Merit: 0
Hey guys, still nothing resolved.

Anyone heard or had any other copay exploits related issues?
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
-snip-
Seems like Copay is trying to hide something, judging from the vague replies they have sent to you. Makes sense that your keys could have been compromised or CoPay could have been hacked. The only hope you have is keeping track of how the coins are moved. Watching this thread and tracking the coins.
newbie
Activity: 6
Merit: 0
Nope, the issue was not resolved.
That was their last email.

My specialist is thinking it was a copay bug; my private keys were impossible to be physically stolen and I never held them online anywhere.


------------------------------------------------

Hello Hugo,

No, I have no news on that case, nor another related user report. We continue to check if we find any security issues on the current builds.

Did you create the wallet in 2017 using the Copay Wallet?
Are you aware of the issue https://nvd.nist.gov/vuln/detail/CVE-2018-1000851 that affected wallets in Copay from version 5.0.1 to 5.1.0?

That one was only for Copay. If you used that 1-1 wallet during that time, using the Copay app (not the Bitpay app), and sent money using that version, the key could have been compromised. That was almost 1 year ago, so it seems improbable.

Other than that, at the moment we have no other idea of how the keys could have been compromised.
newbie
Activity: 6
Merit: 0
Weird things happen
The ~294 BTC are still in the Bitpay address
https://i.imgur.com/5kFF3Vw.jpg

Seems case is closed since github issue was also closed.

https://github.com/bitpay/copay/issues/10364

OP, how did this story end? Got the $2.5M back? (I get chills just writing that amount...)


Why a Bitpay address? The address 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw is not in Bitpay.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
Hope it's just a bug from bitpay's side and the funds are still on the wallet and can be recovered, coz if not, then that's really a huge loss to begin with.
hero member
Activity: 2338
Merit: 757
Very strange, I think it's a problem with Copay and they are trying to hide the case.
Maybe not! OP mentioned that he received this notification on GitHub:
Quote
On 23 Nov 2019, at 19:59, micahriggan <[email protected]> wrote:

Hello, I think you may be okay, from looking at our database I think I see an issue that could be affecting your wallet.

You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<#10364?

And he confirmed that he contacted them via this email :
Quote
Hello,

Could you please contact us at [email protected] so we can investigate the issue further.

thanks.

Even Bitpay support confirmed the issue. I'm really interested to know what could infect a wallet "called trusted", and who is the owner of the receiving address?
member
Activity: 125
Merit: 10
The case was not resolved and they ended the topic on the very tin Github.

Very strange, I think it's a problem with Copay and they are trying to hide the case.
full member
Activity: 305
Merit: 106
Weird things happen
The ~294 BTC are still in the Bitpay address


Seems case is closed since github issue was also closed.

https://github.com/bitpay/copay/issues/10364

OP, how did this story end? Got the $2.5M back? (I get chills just writing that amount...)
legendary
Activity: 3374
Merit: 3095
Playbet.io - Crypto Casino and Sportsbook
Maybe the balance from your copay wallet is sent to a change address connected to your copay wallet just like what they said from here "Where did my funds go in my BitPay wallet?"
Just keep your copay wallet connected and sync properly you will get your balance back from your copay wallet in the new wallet address.

Just in case the balance still doesn't show then try to extract all of your private keys from your copay wallet and import it to other wallets like Electrum wallet. You can follow the guide from here "How do I get the private key from my BitPay or Copay wallet?"

Let's hope that you can find your balance from exported private keys in your Copay wallet and import it to the Electrum wallet.
Make sure to download Electrum from real electrum.org and verify the signature to make sure your wallet is real and not a fake one.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
That's a huge amount to store in a mere mobile wallet. Even if I had only 1 BTC, I would not risk my funds on a mobile wallet/device.

And you sure you never shared your recovery seed to others or saved it somewhere online? It's likely a compromised seed if you defend that your device isn't infected with malware.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
I've experienced what seems to be a huge exploit in my copay wallet, with 336.2008 btcs being moved out. This is a new phone used only for btc, never on public wifi, never downloaded anything other than essential apple apps, etc.
You're hodling hundreds of thousands worth of Bitcoins in a mobile device? You should be using a hardware wallet by now.
Anyways, how about your backup, is it safe from hackers or anyone close to you (physically)?
Copay is an HD wallet so one way to get hacked is through your SEED or backup.

Maybe not relevant, but someone just reported the same "hacking" issue to their github repo: Funds lost from wallet #10373
If it isn't your seed or device, they are the only one who can help you with this matter.

For your own protection, do not display your master public key (xpub) in public,
because all of your previous and future transactions/addresses will be visible once it is imported.
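Two pieces of advice in this thread come down to the same piece of arithmetic: the suggestion to extract the private keys from the seed or backup and import them into Electrum, and the warning just above that a posted xpub exposes every address of the wallet. The block below is an added example of mine, written in plain Python on the standard library only; it is not Copay, Bitpay or Electrum code, and the seed in the test is constructed. It implements BIP32 child derivation both ways: `ckd_pub` walks down from an xpub with no secret at all and yields every receive and change address, and `ckd_priv` walks the same paths from the seed and yields the WIF keys a wallet's import dialog accepts. The RIPEMD-160 step assumes the interpreter's OpenSSL build exposes that digest.

```python
"""BIP32 in plain Python: every address of an account from its xpub alone
(why an xpub must stay private) and the matching WIF keys from the seed.
Added example, stdlib only, constructed inputs; not Copay/Bitpay/Electrum code."""
import hashlib
import hmac

# secp256k1 domain parameters and the base58 alphabet (standard constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ser_p(pt):  # 33-byte compressed SEC encoding of a point
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def parse_p(b):  # decompress: solve y^2 = x^3 + 7 (mod P), then pick the parity
    x = int.from_bytes(b[1:], "big")
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    return (x, y if (y & 1) == (b[0] & 1) else P - y)


def b58check_encode(raw):
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out


def b58check_decode(s):
    num = 0
    for ch in s:
        num = num * 58 + B58.index(ch)
    raw = b"\0" * (len(s) - len(s.lstrip("1"))) + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4] != raw[-4:]:
        raise ValueError("bad base58check checksum")
    return raw[:-4]


def master_from_seed(seed):  # BIP32 master node: (k_master, chain code)
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]


def ckd_priv(k, c, idx):  # CKDpriv; idx >= 2**31 selects a hardened child
    data = b"\0" + k.to_bytes(32, "big") if idx >= 2**31 else ser_p(ec_mul(k, G))
    i = hmac.new(c, data + idx.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(i[:32], "big") + k) % N, i[32:]


def ckd_pub(K, c, idx):  # CKDpub: the same child key, computed with no private key at all
    if idx >= 2**31:
        raise ValueError("hardened children cannot be derived from an xpub")
    i = hmac.new(c, ser_p(K) + idx.to_bytes(4, "big"), hashlib.sha512).digest()
    return ec_add(ec_mul(int.from_bytes(i[:32], "big"), G), K), i[32:]


def xpub_encode(K, c, depth=0, fingerprint=b"\0" * 4, child=0):
    hdr = bytes.fromhex("0488B21E") + bytes([depth]) + fingerprint + child.to_bytes(4, "big")
    return b58check_encode(hdr + c + ser_p(K))


def xpub_decode(xpub):  # -> (public point, chain code)
    raw = b58check_decode(xpub)
    if raw[:4] != bytes.fromhex("0488B21E") or len(raw) != 78:
        raise ValueError("not a mainnet xpub")
    return parse_p(raw[45:]), raw[13:45]


def p2pkh_address(K):  # base58check(0x00 || RIPEMD160(SHA256(compressed pubkey)))
    return b58check_encode(b"\x00" + hashlib.new("ripemd160", hashlib.sha256(ser_p(K)).digest()).digest())


def wif(k):  # compressed-key WIF, the form a wallet's key-import dialog takes
    return b58check_encode(b"\x80" + k.to_bytes(32, "big") + b"\x01")


def account_paths(node, c, count, derive):  # receive (chain 0) and change (chain 1) children
    out = []
    for chain in (0, 1):
        child, cc = derive(node, c, chain)
        out += [(f"m/{chain}/{n}", derive(child, cc, n)[0]) for n in range(count)]
    return out


def watch_only_addresses(xpub, count):  # everything a leaked xpub reveals, no secret needed
    pub, c = xpub_decode(xpub)
    return [(p, p2pkh_address(k)) for p, k in account_paths(pub, c, count, ckd_pub)]


def export_wifs(seed, count):  # the private side of the same paths, ready to import elsewhere
    k, c = master_from_seed(seed)
    return [(p, wif(kk)) for p, kk in account_paths(k, c, count, ckd_priv)]
```

To try it, feed `master_from_seed` a seed of your own, encode the public node with `xpub_encode`, and compare `watch_only_addresses(xpub, n)` against `export_wifs(seed, n)`: the addresses line up path for path, which is exactly why the first list must never be shared and the second must never leave the device. Hardened paths (the account level of a real wallet) are the one place `ckd_pub` stops, so an account-level xpub exposes that account, not its siblings.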
newbie
Activity: 6
Merit: 0
I've experienced what seems to be a huge exploit in my copay wallet, with 336.2008 btcs being moved out. This is a new phone used only for btc, never on public wifi, never downloaded anything other than essential apple apps, etc.

All of a sudden, after 3 withdrawals from OTC dealers were confirmed, my wallet sent 293.998 btcs to the address (below). I thought it was a normal wallet re-sync (as happens almost weekly in copay, where you don't see your funds) and sent the previous balance to myself at: bd8b85b5fbec189c491b950e10d31c20678aeeac7e3b14fd9bbbb8e82afd0f0b
After receiving my balance, my wallet again sent it to the address.

Tried already restoring in other wallets and with other derivation paths, no success, looks like a hacking/exploit situation.

Help!!

Device: Recently (3 weeks ago) bought iPhone 11 Pro, iOS 13.1.2
App version: 7.1.6
Wallet funds went to: 1CYYS3R6CKD43nCxFbqvEvjr3VUScKswBw
Xpub: xpub6D9TkHyd2Zn5PgTSprttDdtn3oMEtTmasxLoy45SEEVzouWfzzDWwgGdThnhV9TGEBGGcdkMG7nz9t3JswoyKwn3Me9qVYCJTFP7LEuG2uP