Main Page > Blog >

 

AMLT Crypto Alert of the Week - BitPay Wallet Vulnerability

Dec 07, 2018

About Us

Recognized as a global leader in RegTech for blockchain, Coinfirm serves as a foundation for the safe adoption and use of blockchain. The Coinfirm AML/CTF Platform uses proprietary algorithms and big data analysis to provide structured, actionable data that solves compliance and transaction risk issues in blockchain and cryptocurrencies. The blockchain agnostic platform is currently used by anyone ranging from major financial institutions to exchanges. In addition, Coinfirm develops dedicated blockchain solutions such as the data provenance platform Trudatum that was recently integrated by the largest bank in CE.



Follow Us

blog-image

Welcome to week 17 of the Crypto Alert of the Week series by AMLT, a series dedicated to documenting interesting or high profile frauds/hacks etc that recently happened and have been reported into the AMLT Network and show how the AMLT Network can help track and prevent it in the future.

Recently, a US based payment processor – BitPay has issued a statement regarding their wallet being compromised. What’s really interesting in this case is that the hacker didn’t even need to directly attack BitPay or the Copay wallet, he just easily gained access to one of the libraries they used.

It looks like the whole attack took barely any effort, as the person responsible for maintaining the repository gave the rights to it without giving it a lot of thought. Right after gaining access, the attacker proceeded to inject malicious code into the library.

Considering that the npmjs.com repository has over two million weekly downloads the attack could’ve been much worse. The investigation concluded that the malicious code was only specifically targeting the copay wallet. Once compiled, the app then proceeds to steal users’ private and public keys, sending it to the attacker.

Luckily, the attack was detected by GitHub users. BitPay has also reached out to their users and warned them about the possibilities and consequences while also suggesting that everyone moves all of their funds from wallets possibly affected by the malicious code.

This was a so called “Social engineering attack” is very much unsophisticated and highlights the danger in using too many dependencies as well as not archiving non-maintained repositories or at least vetting possible maintainer candidates.

AMLT is focused on making the cryptocurrency space safer by providing tools to report and analyze various malicious actors. Anyone can contribute by reporting addresses through the AMLT panel/widget at amlt.coinfirm.com while also receiving a reward for it when becoming an AMLT Network Member. The submitted data is then processed by our team and added to the database. Flagging actions like these helps us fight the nefarious actors hurting the crypto space.

Below you can see a Coinfirm AML Risk Report created for wallet hackers address:


If you're interested in partnering with Coinfirm or becoming an AMLT Network Member then contact us!

Thank you for your continued support and make sure to follow all of our latest updates on Twitter, Facebook, LinkedIn and Telegram Community.

Sincerely,
The AMLT Team