Bitcoin is a profound Economic Rennaisance, falsely wrapped in a Tech Bubble, itself falsely wrapped in a Get-Rich-Quick Scheme. The complete takeover success of cryptocurrencies is inevitable destiny. It is mathematically inescapable. Once you see this, you can't unsee it. - Murad
Forwarded from Cointify | Blockchain & CryptoCurrency
WARNING: Copay's Bitcoin Wallet Compromised Due to Malicious Module Attack
BitPay’s open-source bitcoin wallet - Copay, was reportedly compromised thanks to what can objectively be referred to as social engineering, laziness, and incompetence.
The Copay wallet was/is vulnerable to keys being stolen due to the "
The library event-stream is used in many Node.js applications. The new maintainer
In a nutshell, We don't know who has been robbed by this attack. It only leaked private keys of wallets with > 100btc. It sent them to copayapi.host, a server hosted in Malaysia and running ExpressJS (the attackers are JavaScript programmers). More details on the above hyperlinks. We sure do want adoption but if things like this keeps on happening, then forget about anything close to adoption.
BitPay’s open-source bitcoin wallet - Copay, was reportedly compromised thanks to what can objectively be referred to as social engineering, laziness, and incompetence.
The Copay wallet was/is vulnerable to keys being stolen due to the "
event-stream" module containing malware. Dominic Tarr - Prev. Lead Dev, handed over maintenance of the module to a user with very little coding activity on GitHub who requested publishing rights to the event-stream library from him, who said that he had not maintained the repository in years and gave control to that new user. Other NPM module users might also be affected. However, in this case it looks like this attack was specifically crafted to target a NPM module used by the Copay wallet.The library event-stream is used in many Node.js applications. The new maintainer
right9ctrl either pulled a sneaky move to inject malware or unknowingly had the same effect as if he had, that effect being that it would leak private keys from applications that relied on both the event-stream and copay-dash modules (dependency attack). So basically, the developer updated the module with malware and then patched the problem to avoid detection. Here's one great discussion thread on the said module attack.In a nutshell, We don't know who has been robbed by this attack. It only leaked private keys of wallets with > 100btc. It sent them to copayapi.host, a server hosted in Malaysia and running ExpressJS (the attackers are JavaScript programmers). More details on the above hyperlinks. We sure do want adoption but if things like this keeps on happening, then forget about anything close to adoption.
Forwarded from Cointify | Blockchain & CryptoCurrency
BREAKING: Nasdaq Plans to Pursue Bitcoin Futures. Wants to Introduce the Contracts During the Q1 2019.
According to Bloomberg, Nasdaq Inc. (World’s 2nd Largest Stock Exchange) is moving ahead with a plan to list Bitcoin futures, according to two people familiar with the matter, betting on sustained interest despite the cryptocurrency’s dramatic plunge over the past year.
Nasdaq has been working to satisfy the concerns of the U.S.’s main swaps regulator, the Commodity Futures Trading Commission, before launching the contracts, the people said. The exchange operator, which was first reported to be eyeing Bitcoin futures last year, wants to allow trading in the first quarter of 2019, one of the people said. Exact dates not announced yet.
Point to be noted that, Nasdaq isn’t the only impending Bitcoin derivative. NYSE owner ICE (Bakkt) will launch its own contracts on Jan. 24.
According to Bloomberg, Nasdaq Inc. (World’s 2nd Largest Stock Exchange) is moving ahead with a plan to list Bitcoin futures, according to two people familiar with the matter, betting on sustained interest despite the cryptocurrency’s dramatic plunge over the past year.
Nasdaq has been working to satisfy the concerns of the U.S.’s main swaps regulator, the Commodity Futures Trading Commission, before launching the contracts, the people said. The exchange operator, which was first reported to be eyeing Bitcoin futures last year, wants to allow trading in the first quarter of 2019, one of the people said. Exact dates not announced yet.
Point to be noted that, Nasdaq isn’t the only impending Bitcoin derivative. NYSE owner ICE (Bakkt) will launch its own contracts on Jan. 24.