Topic: Hacker Backdoors JavaScript Library to Steal Bitcoin Funds (Read 204 times)
It isn't only inside BitPay's Copay wallet apps but all crypto wallets, in general, that use Javascript. Don't worry Copay isn't the only one and you can expect to hear more about it and people with lost funds, in a few days.
A hacker has gained (legitimate) access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay's Copay wallet apps. The presence of this malicious code was identified last week, but until Nov 26, have researchers been able to understand what the heavily obfuscated malicious code actually does.
it seems that this is one of the factors of the crypto failure that still exists, and more news days about hacking wallet and exchange are increasing. Previously I also heard about the weaknesses in API trading in one of the markets, this made the price of the major coin in the market a severe dump, but fortunately the hackers could not cash out.
a very sneaky one, no doubt! common users has very little defense against malwares that uses JavaScript as it can be easily embedded in any web-page!
this is yet another reminder of the importance of cold storage. if you have your coins in cold storage like a paper wallet, bugs like this would never affect you and your coins will remain safe. the hot wallets should always only contain the amount that you want to spend.
People think open source is secure because someone has vetted the code, however it is rare that anyone actually does and just focuses on what it does and if it can be used
This was a sneaky one. 
Someone got publishing rights to the event-stream library on GitHub that are used by BitPay and they injected some malware or malicious code.
BitPay does not develop the libraries on their own and blindly trust these Open source libraries. This is why these centralized services are targeted, because they are simply too lazy and stingy to pay reputable developers to develop safe and secure sites for them.
Hackers knows this and they target code like this that are used by more than one "target"
Someone got publishing rights to the event-stream library on GitHub that are used by BitPay and they injected some malware or malicious code.
BitPay does not develop the libraries on their own and blindly trust these Open source libraries. This is why these centralized services are targeted, because they are simply too lazy and stingy to pay reputable developers to develop safe and secure sites for them.
Hackers knows this and they target code like this that are used by more than one "target"
A hacker has gained (legitimate) access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay's Copay wallet apps. The presence of this malicious code was identified last week, but until Nov 26, have researchers been able to understand what the heavily obfuscated malicious code actually does.
Is this one factor that contributed to the current dip? I have yet to look at this news but its really scary if you're using a wallet written in JavaScript and secretly stealing your bitcoin. Those criminals are really one step ahead of us, so just be careful with your crypto wallet.
for anyone interested here is the link: https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
and you should know that it is not just affecting BitPay wallets, it is affecting any other program that is using this rather popular library. so if your wallet is written in JavaScript then you may want to stop using it until you confirm it was not using that library.
and you should know that it is not just affecting BitPay wallets, it is affecting any other program that is using this rather popular library. so if your wallet is written in JavaScript then you may want to stop using it until you confirm it was not using that library.
hmm. javascript is the language that can be bundled with the script. maybe it possible that the hacker gets all the information about the wallet using the javascript. and i think we should careful with our wallet because of this news
A hacker has gained (legitimate) access to a popular JavaScript library and has injected malicious code that steals Bitcoin and Bitcoin Cash funds stored inside BitPay's Copay wallet apps. The presence of this malicious code was identified last week, but until Nov 26, have researchers been able to understand what the heavily obfuscated malicious code actually does.
Jump to: