BitPay’s open-source wallet Copay might have leaked the private keys of an unknown number of users after a popular library that it uses for input/output streams was compromised with malware that specifically targets the software.
Millions of people currently use software built on the event-stream dependency, so the compromise could also cause problems for other cryptocurrency projects, according to a GitHub thread discussing the subject.
Unraveling the details
This compromise happened due to a mixture of incompetence and social engineering. The dependency’s maintainer, Dominic Tarr, allowed another user, @right9ctrl, to take over maintenance of the project even though that user had few contributions on GitHub, the platform that hosts the project’s repository.
Basically, the owner of the project handed everything over to someone he didn’t know he could trust.
This article appeared first on Cryptovest