A hacker with access to a popular open-source JavaScript library has sneaked in malicious code that steals Bitcoin and Bitcoin Cash funds stored in BitPay Copay wallets. According to ZDNet’s article published on November 26, 2018, the Copay team said that all versions between 5.0.2 and 5.1.0 were infected, and all users are advised to update to version 5.2.0 or later, which no longer contains the dangerous code.

Code Designed to Steal Users’ Wallet Information

The incident occurred approximately three months ago. The original author, due to limited time and interest, outsourced the development responsibilities to another programmer called Right9ctrl.

According to Ars Technica, Right9ctrl inserted the malicious code in two stages into event-stream, an extremely well-known JavaScript code library published as an npm package and used by a wide range of companies, from large corporations to emerging startups. In the first stage, the hacker published version three on September 8, which contained a module called flatmap-stream.

Flatmap-stream initially did not have any dangerous code. However, during stage two on October 5, the hacker updated flatmap-stream to include the malicious code. The malicious code is designed to steal users’ wallet information, such as their private keys, and send the data to a server located in Kuala Lumpur.

GitHub user Ayrton Sparling discovered the bad code last Tuesday and released a report on GitHub. Officials at NPM, the open source project manager responsible for hosting event-stream, however, failed to issue a notice and an advisory until Monday the following week, six days after the date of discovery.
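
A defender's check that follows from the two-stage insertion described above, as an added example that is not from the article or from the NPM or Copay teams: it walks a parsed package-lock.json and reports every installed copy of a named package and every package that declares it as a dependency. The lockfile contents, the `demo-wallet` and `build-tool` names and the version strings are constructed; `flatmap-stream` is the module's name on npm.

```javascript
// Added example; all lockfile data below is constructed for illustration.
const SUSPECT = "flatmap-stream"; // npm name of the module the article describes

function auditLock(lock, name) {
  const installed = [];   // every copy present in the install tree
  const requiredBy = [];  // every package that declares `name` as a dependency
  const visit = (pkgName, path, meta, declared) => {
    if (pkgName === name) installed.push({ path, version: meta.version });
    if (Object.prototype.hasOwnProperty.call(declared || {}, name)) {
      requiredBy.push({ pkg: pkgName, version: meta.version, range: declared[name] });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the project itself)
    for (const [path, meta] of Object.entries(lock.packages)) {
      const pkgName = path === "" ? "(root project)" : path.split("node_modules/").pop();
      visit(pkgName, path, meta,
        { ...meta.dependencies, ...meta.optionalDependencies, ...meta.devDependencies });
    }
  } else {
    // lockfileVersion 1: nested tree; `requires` lists what each package declares
    const walk = (deps, prefix) => {
      for (const [pkgName, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${pkgName}`;
        visit(pkgName, path, meta, meta.requires);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return { installed, requiredBy };
}

const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-wallet", version: "0.0.0-sample", dependencies: { "build-tool": "*" } },
  "node_modules/build-tool": { version: "0.0.0-sample", dependencies: { "event-stream": "*" } },
  "node_modules/event-stream": { version: "0.0.0-sample", dependencies: { "flatmap-stream": "*" } },
  "node_modules/flatmap-stream": { version: "0.0.0-sample" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "build-tool": { version: "0.0.0-sample", requires: { "event-stream": "*" }, dependencies: {
    "event-stream": { version: "0.0.0-sample", requires: { "flatmap-stream": "*" } },
    "flatmap-stream": { version: "0.0.0-sample" },
  } },
} };

for (const sample of [SAMPLE_V3, SAMPLE_V1]) {
  console.log(JSON.stringify(auditLock(sample, SUSPECT), null, 2));
}
```

To check a real project, pass the result of `JSON.parse` on the contents of its package-lock.json as `lock`.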


Malicious Code Targets BitPay’s Copay Wallet Users

NPM officials said that the malicious code was inserted to target people who use a Bitcoin wallet created by Copay. A Copay official said in a GitHub discussion that the code was not implemented and deployed on any platforms.

After the post, however, Copay officials updated their comment and said that there were platforms that did contain the dangerous code. In response to the situation, Copay released a blog post telling wallet users which versions were affected and warning them to avoid using the application until they have installed the latest version, 5.2.0, which is free from the malicious code.

“This compromise…targeted a select few developers at a company, Copay, that had a very specific development environment setup,” an NPM official told Ars Technica. “Even then, the payload itself didn’t run on those developers’ computers; rather, it would be packaged into a consumer-facing app when the developers build a release.” NPM noted that the overall goal of the hacker was to steal cryptocurrencies from Copay’s end users, since the malicious code was not designed to attack any developers.

This post is credited to btcmanager

Bulgarian Gendarmerie forces and specialized prosecutors have arrested three hackers allegedly involved in stealing $5 million in crypto, Sofia-based newspaper 24 Chasa reports Monday, Nov. 26.

Bulgarian police reportedly seized cryptocurrencies worth around $3 million, as well as the equipment allegedly used in the thefts, including computers, flash drives, and a hardware portfolio for storage of crypto data.

Apart from notebooks containing crypto accounts, the prosecutors have also seized a car that was allegedly purchased with stolen funds and is worth about 60,000 Bulgarian lev (BGN) (about $35,000). According to prosecutors, the suspects used new hacking methods and displayed advanced computer skills in the scam. The criminals also used specialized software for the hacking scheme.

The prosecutors reportedly launched the investigation five months ago, shortly after being informed about the first cases of the alleged scam. The suspects are currently imprisoned by order of a local specialized court.

Last week, U.S. authorities in the state of California arrested a 21-year-old man from New York for the alleged theft of $1 million in crypto in a “SIM-swapping” scheme. The hacking method involves stealing a cell phone number in order to hijack online financial and social media accounts.

Previously, California-based law enforcement group REACT Task Force reported that “SIM swapping” has become one of its “highest priorities” in a bid to fight cryptocurrency fraud.

This post is credited to cointelegraph