bitserve
November 27, 2018, 02:30:05 AM

Breaking: Numerous Bitcoin Wallets May Have Been Compromised by Rogue Developer

https://www.ccn.com/breaking-numerous-bitcoin-wallets-may-have-been-compromised-by-rogue-developer/

Quote
A user with very little coding activity on GitHub requested publishing rights to the event-stream library from its previous maintainer, Dominic Tarr, who said that he had not maintained the repository in years and gave control to the new user, called right9ctrl.

The library event-stream is used in many Node.js applications. According to a complainant on GitHub, the new maintainer right9ctrl either pulled a sneaky move to inject malware or unknowingly had the same effect as if he had, that effect being that it would leak private keys from applications that relied on both the event-stream and copay-dash modules.

Basically, the developer updated the module with malware and then patched the problem to avoid detection, but the numerous people who had already installed it remain affected.

Copay — whose open-source code is itself used by many crypto applications — would be just one of many that use the library, but it happens to be built and maintained by a multi-million dollar Bitcoin payment processing company — BitPay — which raises questions on its own.

And that's why we use hardware wallets to have an additional layer of protection against leaking the private key.

Software hot wallets will always be much more vulnerable.